Archived

This topic has been archived and is closed to new replies.

krusty1

[Solved!] System error 1400

Please, I need help. Problem with system error code 1400. ComboFix log follows:

 

 

 

ComboFix 09-03-04.01 - Expert 2009-03-08 17:24:45.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.991.675 [GMT -3:00]

Executando de: c:\documents and settings\Expert\Meus documentos\Downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Expert\Desktop\CFScript.txt.txt

AV: avast! antivirus 4.7.942 [VPS 000000-0] *On-access scanning disabled* (Outdated)

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\gbiehbsb.dll

c:\windows\ping.exe

c:\windows\svchost

c:\windows\svcpool.dll

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))

.

 

2009-03-07 12:35 . 2009-03-08 17:27 11,581,472 --ahs---- c:\windows\system32\drivers\fidbox.dat

2009-03-07 12:35 . 2009-03-08 16:59 113,660 --ahs---- c:\windows\system32\drivers\fidbox.idx

2009-03-07 12:33 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\33784768.sys

2009-03-06 18:57 . 2009-03-06 18:57 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-03-05 21:06 . 2009-03-05 21:06 0 --a------ c:\windows\system32\commonpriv.log.lock

2009-03-01 19:45 . 2009-03-01 19:45 <DIR> d-------- c:\documents and settings\Expert\Dados de aplicativos\Malwarebytes

2009-03-01 19:45 . 2009-03-01 19:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-27 21:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-02-26 21:48 . 2009-02-26 21:48 1 ---hs---- C:\MSDOS.INF

2009-02-26 17:17 . 2009-02-26 17:17 244 --ah----- C:\sqmnoopt19.sqm

2009-02-26 17:17 . 2009-02-26 17:17 232 --ah----- C:\sqmdata19.sqm

2009-02-26 17:15 . 2009-02-26 17:15 244 --ah----- C:\sqmnoopt18.sqm

2009-02-26 17:15 . 2009-02-26 17:15 232 --ah----- C:\sqmdata18.sqm

2009-02-26 17:14 . 2009-02-26 17:14 244 --ah----- C:\sqmnoopt17.sqm

2009-02-26 17:14 . 2009-02-26 17:14 232 --ah----- C:\sqmdata17.sqm

2009-02-25 19:42 . 2009-02-25 19:42 244 --ah----- C:\sqmnoopt16.sqm

2009-02-25 19:42 . 2009-02-25 19:42 232 --ah----- C:\sqmdata16.sqm

2009-02-25 19:38 . 2009-02-25 19:38 244 --ah----- C:\sqmnoopt15.sqm

2009-02-25 19:38 . 2009-02-25 19:38 232 --ah----- C:\sqmdata15.sqm

2009-02-24 17:41 . 2009-02-24 17:41 244 --ah----- C:\sqmnoopt14.sqm

2009-02-24 17:41 . 2009-02-24 17:41 232 --ah----- C:\sqmdata14.sqm

2009-02-20 20:51 . 2009-02-20 20:51 244 --ah----- C:\sqmnoopt13.sqm

2009-02-20 20:51 . 2009-02-20 20:51 232 --ah----- C:\sqmdata13.sqm

2009-02-18 21:11 . 2009-02-18 21:11 244 --ah----- C:\sqmnoopt12.sqm

2009-02-18 21:11 . 2009-02-18 21:11 232 --ah----- C:\sqmdata12.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-08 19:25 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Grisoft(2)

2009-03-05 16:34 --------- d-----w c:\arquivos de programas\eMule

2009-02-09 23:20 --------- d-----w c:\documents and settings\Expert\Dados de aplicativos\uTorrent

2005-04-01 00:17 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2008-12-01 21:14 2,880 --sh--r c:\windows\system32\oobe\dialmgr.dat

.

 

------- Sigcheck -------

 

2008-04-13 23:21 14336 ed2d69cd4b0ebe37efe11d4dc4abc68f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\svchost.exe

2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\svchost.exe

2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\dllcache\svchost.exe

 

2008-04-13 23:20 82432 1fa3c4b2d7e35176e65fb69ab597b0f0 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ws2_32.dll

2004-08-03 23:45 82944 a5163442377d3c305bbff612f80047d7 c:\windows\system32\ws2_32.dll

2004-08-03 23:45 82944 a5163442377d3c305bbff612f80047d7 c:\windows\system32\dllcache\ws2_32.dll

 

2005-10-21 00:39 663552 49e396b88a2e6ad07b4ad87ec16ebbc8 c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll

2006-03-04 01:00 665600 0897aef03c1664f44010ff481bbac8e6 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll

2006-05-10 02:26 665600 60c78431362c31dc65c7d1dee7658ca9 c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll

2006-06-23 08:25 666624 11453709af903b3653f3cbde2b54f72c c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll

2006-09-14 05:36 666624 2eb0553ef4c52d51a52370bffce7340b c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll

2006-10-23 12:34 666624 66eac39bb74044d235e401f7447f089d c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll

2007-01-04 11:02 667136 b8b6a731fc318e2fb4e7f689b6f92631 c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll

2007-02-19 12:23 667648 5925ece8848e66691e8720cc2b839844 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll

2007-04-18 09:44 667648 c30c08ad4d59d04af165b4a2be2b14dd c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll

2007-06-26 11:37 667648 13f701d4526f965abc71129e194c3dc3 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll

2007-08-22 09:57 667648 a8d6da26a5b8c56458d2222e524d8d29 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll

2007-10-11 03:00 668160 e3ffded59daadb3055be4ad155c38ca3 c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll

2007-12-06 21:46 668160 2324e8e86733233a9435f9ea6a92b6e2 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll

2008-02-16 06:32 668160 f3ad9df6b30d5a3f67b5561109640958 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll

2008-04-21 03:57 668672 10e93d1903bc15dc94fdf5a97994b120 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll

2008-04-21 03:44 668160 1aaf9f5394ab45664147e9cd6bd58eb4 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll

2008-04-21 03:30 668672 c72070f8a201f0dde3f4a6e7a0297261 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll

2008-06-23 13:15 669184 c4fc92ee25942192a8bf7fe8d17c284e c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll

2008-06-23 12:11 668160 4e6461ec1c5296ee5f4a9f0581569563 c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll

2008-06-23 11:56 668672 e1640d81ca8d86691e3d3c5319628aae c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll

2008-08-20 02:33 669696 9de49dcd6db06b195bb6bf48fbffdad7 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll

2008-08-20 02:09 668160 89360a12db77d411b2873e130923f6b9 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll

2008-08-20 02:07 668672 6c73c1a54e445c5687ad6b721ee27ebc c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

2008-10-16 07:23 669696 abec7b8444b02d494c7780bc8bcdf44b c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll

2008-10-15 22:02 668160 5ed4af2ad048b1afb5a92e0e9ef42011 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll

2008-10-15 22:04 669184 a6506d61159aae4bc72406aae4779538 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

2004-08-03 23:45 658432 398a619ce60090303042d1f8cc68f712 c:\windows\$NtUninstallKB905915$\wininet.dll

2005-10-21 00:41 660480 e82ab5464fc403945d19c835a444c3dd c:\windows\$NtUninstallKB912812$\wininet.dll

2006-03-04 00:34 660480 b32d83faff9eb0dfbafd3333a969197f c:\windows\$NtUninstallKB916281$\wininet.dll

2006-05-10 02:24 660480 0a83ad91caf032964013596f3a3f1e19 c:\windows\$NtUninstallKB918899$\wininet.dll

2006-06-23 08:11 660992 f6b1b2a4c8020142936ee8d4874337ad c:\windows\$NtUninstallKB922760$\wininet.dll

2006-09-14 05:40 660992 6bb33ba3a9bcd958e046a46677d43b5f c:\windows\$NtUninstallKB925454$\wininet.dll

2006-10-23 12:19 660992 a39dca8851d8916237b5b0a544987fdc c:\windows\$NtUninstallKB928090$\wininet.dll

2007-01-04 10:38 660992 c1819190dc0728400719e4e92f5c9382 c:\windows\$NtUninstallKB931768$\wininet.dll

2007-02-19 12:05 660992 de2d940c31fb62f7188fb9ab86b47221 c:\windows\$NtUninstallKB933566$\wininet.dll

2007-04-18 09:32 660992 0b911d35f0a036e3ab3b0cd6b471a27d c:\windows\$NtUninstallKB937143$\wininet.dll

2007-06-26 11:09 660992 a216e806aab57eb106a4aad09d549482 c:\windows\$NtUninstallKB939653$\wininet.dll

2007-08-22 10:13 660992 32ac239cb8e687eb5be251d259a27f73 c:\windows\$NtUninstallKB942615$\wininet.dll

2007-10-11 03:13 661504 74fd6b69135af76a54245ddad4635833 c:\windows\$NtUninstallKB944533$\wininet.dll

2007-12-06 22:07 661504 6e9bddefa42886f554b115da3a7e1180 c:\windows\$NtUninstallKB947864$\wininet.dll

2008-02-16 06:03 661504 03ded0f6685b647521a61722f3991cc7 c:\windows\$NtUninstallKB950759$\wininet.dll

2008-04-21 04:02 661504 1425bf9f5c667f54f684991a15e2dbd2 c:\windows\$NtUninstallKB953838$\wininet.dll

2008-06-23 12:40 661504 2532fe667e74219ce5b61ed67e23f435 c:\windows\$NtUninstallKB956390$\wininet.dll

2008-08-20 02:37 661504 fe5247936c9bcb765fd16114303f404d c:\windows\$NtUninstallKB958215$\wininet.dll

2008-04-13 23:20 668160 df6d0f37a71883be3505dd517eb8ad83 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\wininet.dll

2008-08-26 05:11 826368 acb8649f0efdcc6d7b081e3bc213b93a c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\wininet.dll

2008-08-26 06:10 827904 cc9cd001ae0ff30d0e16a172bf39576a c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\wininet.dll

2008-10-16 17:23 826368 779479e6f38bc77831f26bd9aae3fad3 c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\wininet.dll

2008-10-16 16:33 827904 4bcd45d77bd42a5e9c2dd2e847a5467e c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\wininet.dll

2008-10-16 07:39 661504 28faee723326e23de40278c99e635ff4 c:\windows\system32\wininet.dll

2008-10-16 07:39 661504 28faee723326e23de40278c99e635ff4 c:\windows\system32\dllcache\wininet.dll

 

2005-05-25 16:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2006-01-13 14:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 07:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

2008-06-20 08:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 08:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2004-08-31 06:39 359040 7b11118b078b88f87183fe69eda43137 c:\windows\$NtUninstallKB893066$\tcpip.sys

2005-05-25 16:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys

2006-01-12 23:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys

2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys

2007-10-30 14:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys

2008-04-13 16:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\tcpip.sys

2008-06-20 07:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys

2008-06-20 07:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\drivers\tcpip.sys

 

2008-04-13 23:21 509952 71d440f79b711627b12b567fb2eadb42 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\winlogon.exe

2004-08-03 23:45 504320 6f7bde7a1126debf0cc359a54953efc1 c:\windows\system32\winlogon.exe

2004-08-03 23:45 504320 6f7bde7a1126debf0cc359a54953efc1 c:\windows\system32\dllcache\winlogon.exe

 

2008-04-13 16:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ndis.sys

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

 

2008-04-13 15:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ip6fw.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

 

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2006-12-19 15:45 2063616 cd84579bd1ea4653a0dc4de5b8aa943f c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2008-08-14 10:39 2067200 145cd2bba58988b7a2e9b910ac4d4ca4 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

2008-08-14 10:24 2070272 a62251c7c1f0dbc3241abf1985ede75e c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

2008-08-14 18:26 2070272 586a93e0c23f6a1893f6706f36b22598 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

2004-08-03 23:55 2019328 31dfe96b6b6fa4c9ca098ceaf21b29a5 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 15:08 2019328 98c8c29bb2bd2427819674062604668c c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe

2006-12-19 15:22 2019840 d2b82a353c6f9546b313f87e029f8608 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2019840 1f433c0f544a74459f035b71121a4569 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 c:\windows\Driver Cache\i386\ntkrnlpa.exe

2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

2008-08-14 10:45 2019840 64d6e5afbb154bc21a2da135dd739ca0 c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 c:\windows\system32\dllcache\ntkrnlpa.exe

 

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2006-12-19 15:45 2186240 df77102101d135739bf39a13473fcfa6 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2008-08-14 10:39 2190208 b72a025a758683552c4fec7eabcb0661 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

2008-08-14 10:24 2193408 04ba43b0d2a13bd6b06d707299243cfc c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

2008-08-14 18:26 2193408 a42cc3cfc02a7b2baec7b0d45808b257 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

2004-08-03 23:40 2152448 91448d27f6dfaf50dd1d5fd3d8c1f3bd c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 15:08 2139648 7c9e84463bf6228660898395851464e0 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

2006-12-19 15:22 2140160 aa58e5254d78d02c15d75416a153fca4 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2140160 7aacd829f2a9bb4dace70cbfc6046934 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 c:\windows\Driver Cache\i386\ntoskrnl.exe

2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

2008-08-14 10:45 2140160 a06ad42bf92bcb0386699ac1352a9045 c:\windows\system32\ntoskrnl.exe

2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 c:\windows\system32\dllcache\ntoskrnl.exe

 

2008-04-13 23:21 109056 ee7999baaca84cfaa03726e677ee2a33 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\services.exe

2004-08-03 23:45 108544 cc73c4430c2fc27fde16a0a4e3678148 c:\windows\system32\services.exe

2004-08-03 23:45 108544 cc73c4430c2fc27fde16a0a4e3678148 c:\windows\system32\dllcache\services.exe

 

2008-04-13 23:21 13312 9607142710d3b64ab7fcce4be4e30d37 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\lsass.exe

2004-08-03 23:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 c:\windows\system32\lsass.exe

2004-08-03 23:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 c:\windows\system32\dllcache\lsass.exe

 

2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

2004-08-03 23:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\system32\ctfmon.exe

2004-08-03 23:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\system32\dllcache\ctfmon.exe

 

2008-04-13 23:21 26112 a7ea40f680163808d96f89b4ff991876 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\userinit.exe

2004-08-03 23:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 c:\windows\system32\userinit.exe

2004-08-03 23:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 c:\windows\system32\dllcache\userinit.exe

 

2008-04-13 23:20 296960 0f4db70dce17b9dc1a5d835b1a5ee469 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\termsrv.dll

2004-08-03 23:45 296960 23dff6daa7565cc5802e057a6b9f585e c:\windows\system32\termsrv.dll

2004-08-03 23:45 296960 23dff6daa7565cc5802e057a6b9f585e c:\windows\system32\dllcache\termsrv.dll

 

2008-04-13 23:20 17408 c008bbc88156e0ee109c7ff445cd9555 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\powrprof.dll

2004-08-03 23:45 17408 0f81eb414de1d77dd315f4a3d324bc1e c:\windows\system32\powrprof.dll

2004-08-03 23:45 17408 0f81eb414de1d77dd315f4a3d324bc1e c:\windows\system32\dllcache\powrprof.dll

 

2008-04-13 23:20 110080 05c621eaa979d33a12f3b510ff4c6f9f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\imm32.dll

2004-08-03 23:45 110080 602b88592e0690d0dfb5e5f44a9ef820 c:\windows\system32\imm32.dll

2004-08-03 23:45 110080 602b88592e0690d0dfb5e5f44a9ef820 c:\windows\system32\dllcache\imm32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6DC87C6-3ED0-42E3-A095-B59F4DC72739}]

2009-02-26 21:52 825344 --a------ c:\windows\Sun\Java\jp2ssv.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]

"SsAAD.exe"="c:\arquiv~1\mp3\SsAAD.exe" [2006-05-08 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SiSPower"="SiSPower.dll" [2005-03-03 c:\windows\system32\SiSPower.dll]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-12-05 266240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17560:TCP"= 17560:TCP:NortonAV

"13313:TCP"= 13313:TCP:NortonAV

"13036:TCP"= 13036:TCP:NortonAV

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-27 28544]

R1 is-58H3Bdrv;is-58H3Bdrv;c:\windows\system32\drivers\33784768.sys [2009-03-07 148496]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-03-08 902424]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 282904]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ig.com.br/

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: p0rt2.com

DPF: Microsoft XML Parser for Java

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-08 17:27:21

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-03-08 17:30:33

ComboFix-quarantined-files.txt 2009-03-08 20:30:30

ComboFix2.txt 2009-03-08 16:01:41

 

Pré-execução: 17 pasta(s) 31.171.280.896 bytes disponíveis

Pós execução: 17 pasta(s) 31,255,126,016 bytes disponíveis

 

275 --- E O F --- 2009-03-06 02:51:09

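The "Sigcheck" block in the ComboFix log above lists, for each checked system file, one line per copy found on disk (the live copy under system32, the dllcache copy, hotfix backups, pending Windows Update downloads), each with its size and MD5. A quick triage step a responder can take on such a block is to compare the live copy's hash with its dllcache copy. The script below is an added example written for this page, not ComboFix or forum code; it assumes the line format visible above (`date time size md5 path`) and uses a few lines copied from the log as constructed sample input. A mismatch it reports is a lead to verify the file's digital signature and version, not proof of tampering.

```python
"""Parse a ComboFix "Sigcheck" block and compare the MD5 of each file's live
copy (system32 or system32\\drivers) with the copy kept in system32\\dllcache.

Added example for this thread; not ComboFix's own code. The line format is
assumed from the log shown on the page: "<date> <time> <size> <md5> <path>".
"""
import re

# Constructed sample: Sigcheck lines copied from the ComboFix log in this thread.
SAMPLE_SIGCHECK = r"""
2008-04-13 23:21 14336 ed2d69cd4b0ebe37efe11d4dc4abc68f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\svchost.exe
2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\svchost.exe
2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\dllcache\svchost.exe

2008-08-14 10:45 2019840 64d6e5afbb154bc21a2da135dd739ca0 c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 c:\windows\system32\dllcache\ntkrnlpa.exe

2004-08-03 23:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 c:\windows\system32\userinit.exe
2004-08-03 23:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 c:\windows\system32\dllcache\userinit.exe
"""

# One Sigcheck entry: date, time, size in bytes, 32-hex-digit MD5, then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)


def parse_sigcheck(text):
    """Return one dict per entry line; blank lines and other text are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["path"] = entry["path"].lower()          # NTFS paths are case-insensitive
        entry["name"] = entry["path"].rsplit("\\", 1)[-1]
        entries.append(entry)
    return entries


def compare_live_vs_dllcache(entries):
    """Map each file name to 'match', 'mismatch' or 'incomplete'.

    'incomplete' means only one of the two copies (live or dllcache) appeared
    in the block, so no comparison is possible. Hotfix backups and pending
    update downloads are ignored: they are expected to differ from the live copy.
    """
    live, cache = {}, {}
    for e in entries:
        parent = e["path"].rsplit("\\", 1)[0]
        if parent.endswith("\\system32\\dllcache"):
            cache[e["name"]] = e
        elif parent.endswith("\\system32") or parent.endswith("\\system32\\drivers"):
            live[e["name"]] = e
    verdicts = {}
    for name in sorted(set(live) | set(cache)):
        if name not in live or name not in cache:
            verdicts[name] = "incomplete"
        elif live[name]["md5"] == cache[name]["md5"]:
            verdicts[name] = "match"
        else:
            verdicts[name] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for name, verdict in compare_live_vs_dllcache(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        print(f"{name:<16} {verdict}")
```

Run on the sample, the script reports svchost.exe and userinit.exe as matching their dllcache copies and ntkrnlpa.exe as a mismatch; the next step for any mismatch is to check the file's signature and version information, not to delete it on the strength of a hash difference alone.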

Hello krusty1,

 

◘ Download Bankerfix

◘ Double-click bankerfix.exe

Close all windows and programs, except BankerFix

◘ Click on the BankerFix window and press any key. BankerFix does the rest on its own

◘ When it finishes, post the BankerFix report, which is in the file relatorio.txt in the C:\LinhaDefensiva folder, together with the HijackThis log.


BankerFix and HijackThis reports

 

 

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-03-09 - 14:33

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

Arquivo infectado detectado: C:\MSDOS.INF

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\pagefile.log

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\msapps\msapp.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\oobe\dialmgr

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:36:38, on 09/03/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Expert\Meus documentos\WinRAR.exe

C:\DOCUME~1\Expert\CONFIG~1\Temp\Rar$EX00.063\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: DirecX - {B6DC87C6-3ED0-42E3-A095-B59F4DC72739} - C:\WINDOWS\Sun\Java\jp2ssv.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ssAAD.exe] C:\ARQUIV~1\mp3\SsAAD.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-58H3B.lnk = C:\Documents and Settings\Expert\Desktop\Virus Removal Tool\is-58H3B\startup.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.p0rt2.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 7049 bytes


Hello.

 

Download Avenger and save it to your Desktop, then unzip it.

 

Select and copy the text inside the QUOTE (grey box) below:

 

Begin copying here:

Files to delete:

c:\windows\sun\Java\jp2ssv.dlll

C:\sqmnoopt19.sqm

C:\sqmdata19.sqm

C:\sqmnoopt18.sqm

C:\sqmdata18.sqm

C:\sqmnoopt17.sqm

C:\sqmdata17.sqm

C:\sqmdata16.sqm

C:\sqmnoopt16.sqm

C:\sqmnoopt15.sqm

C:\sqmdata15.sqm

C:\sqmnoopt14.sqm

C:\sqmdata14.sqm

C:\sqmnoopt13.sqm

C:\sqmdata13.sqm

C:\sqmnoopt12.sqm

C:\sqmdata12.sqm

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6DC87C6-3ED0-42E3-A095-B59F4DC72739}

 

 

Run Avenger.exe from the desktop.

 

◘ Right-click inside the "Input script here:" window, then click Paste (or Ctrl+V).

◘ Click Execute.

◘ Choose "Yes" twice when prompted.

 

 

When the script finishes running, the PC will be restarted. The PC may restart more than once.

 

Post the log you will find at C:\avenger.txt, plus a new HijackThis log, and also run ComboFix again.

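The reply above picks its targets out of the HijackThis log by hand: an O2 BHO whose DLL sits under C:\WINDOWS instead of a Program Files directory, an O15 Trusted Zone entry, an AppInit_DLLs entry and an O23 service whose binary is missing. The Python script below is an added example, not a tool used in this thread and not part of HijackThis, that applies those same heuristics over HijackThis 2.0 log lines. The sample lines are copied from the HijackThis logs in this thread; the rules (which directories count as "installed software", which autorun locations are worth a second look) are the example's own assumptions.

```python
"""Triage the entry types a malware-removal helper reads first in a
HijackThis 2.0 log.  Added example for this thread; the heuristics below
are this example's own, not HijackThis's."""
import re

# Sample lines copied verbatim from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: DirecX - {B6DC87C6-3ED0-42E3-A095-B59F4DC72739} - C:\WINDOWS\Sun\Java\jp2ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - Startup: is-58H3B.lnk = C:\Documents and Settings\Expert\Desktop\Virus Removal Tool\is-58H3B\startup.exe
O15 - Trusted Zone: *.p0rt2.com
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

# Where legitimately installed add-ons normally live: long and 8.3 short
# names, English and Portuguese XP installs (assumption of this example).
PROGRAM_DIRS = re.compile(
    r'^[a-z]:\\(program files( \(x86\))?|arquivos de programas|progra~\d|arquiv~\d)\\')
# Autorun entries launched from a user profile or temp directory deserve a look.
USER_OR_TEMP = re.compile(r'\\(documents and settings|users|temp|tmp)\\')

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
# O4 lines are either "[Name] path args" (registry Run keys) or "file.lnk = path" (Startup folders).
O4_RE = re.compile(r'^O4 - [^:]+: (?:\[[^\]]*\] ?|[^=]+= ?)(?P<path>.+)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')


def _clean_path(raw):
    """Strip quotes and anything after the binary's extension (arguments,
    "(User 'SYSTEM')" suffixes), lower-cased for comparison."""
    raw = raw.strip().strip('"')
    m = re.match(r'^(.*?\.(?:exe|dll|sys|scr|com|bat|cmd))', raw, re.IGNORECASE)
    return (m.group(1) if m else raw).lower()


def triage(log_text):
    """Return a list of (section, reason, original line) worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            if not PROGRAM_DIRS.match(_clean_path(m['path'])):
                findings.append(("O2", "BHO DLL loaded from outside a Program Files directory", line))
        elif m := O4_RE.match(line):
            if USER_OR_TEMP.search(_clean_path(m['path'])):
                findings.append(("O4", "autorun launched from a user profile or temp directory", line))
        elif line.startswith("O15 - Trusted Zone:"):
            findings.append(("O15", "site added to the IE Trusted Zone", line))
        elif m := O20_RE.match(line):
            findings.append(("O20", "AppInit_DLLs injects %s into every GUI process" % m['dlls'], line))
        elif line.startswith("O23 -") and line.endswith("(file missing)"):
            findings.append(("O23", "service points at a binary that is missing (orphaned or hidden)", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Every hit is a "review this" marker, not a verdict: the O20 line here is AVG's own hook, the O4 Startup entry is the virus-removal tool the user was running, and a BHO in an unusual directory still needs the file itself looked at before it goes into an Avenger or ComboFix script.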

Here is the information requested, in order.

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "c:\windows\sun\Java\jp2ssv.dlll" not found!

Deletion of file "c:\windows\sun\Java\jp2ssv.dlll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\sqmnoopt19.sqm" deleted successfully.

File "C:\sqmdata19.sqm" deleted successfully.

File "C:\sqmnoopt18.sqm" deleted successfully.

File "C:\sqmdata18.sqm" deleted successfully.

File "C:\sqmnoopt17.sqm" deleted successfully.

File "C:\sqmdata17.sqm" deleted successfully.

File "C:\sqmdata16.sqm" deleted successfully.

File "C:\sqmnoopt16.sqm" deleted successfully.

File "C:\sqmnoopt15.sqm" deleted successfully.

File "C:\sqmdata15.sqm" deleted successfully.

File "C:\sqmnoopt14.sqm" deleted successfully.

File "C:\sqmdata14.sqm" deleted successfully.

File "C:\sqmnoopt13.sqm" deleted successfully.

File "C:\sqmdata13.sqm" deleted successfully.

File "C:\sqmnoopt12.sqm" deleted successfully.

File "C:\sqmdata12.sqm" deleted successfully.

 

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6DC87C6-3ED0-42E3-A095-B59F4DC72739}" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6DC87C6-3ED0-42E3-A095-B59F4DC72739}" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:09:26, on 09/03/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\ARQUIV~1\mp3\SsAAD.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Expert\Meus documentos\WinRAR.exe

C:\DOCUME~1\Expert\CONFIG~1\Temp\Rar$EX01.016\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: DirecX - {B6DC87C6-3ED0-42E3-A095-B59F4DC72739} - C:\WINDOWS\Sun\Java\jp2ssv.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ssAAD.exe] C:\ARQUIV~1\mp3\SsAAD.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-58H3B.lnk = C:\Documents and Settings\Expert\Desktop\Virus Removal Tool\is-58H3B\startup.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.p0rt2.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 7192 bytes

 

 

 

 

ComboFix 09-03-04.01 - Expert 2009-03-09 19:11:30.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.991.685 [GMT -3:00]

Executando de: c:\documents and settings\Expert\Meus documentos\Downloads\ComboFix.exe

AV: avast! antivirus 4.7.942 [VPS 000000-0] *On-access scanning disabled* (Outdated)

AV: AVG *On-access scanning disabled* (Outdated)

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-09 to 2009-03-09 ))))))))))))))))))))))))))))

.

 

2009-03-09 14:32 . 2009-03-09 14:35 <DIR> d-------- C:\LinhaDefensiva

2009-03-07 12:35 . 2009-03-09 19:14 30,556,192 --ahs---- c:\windows\system32\drivers\fidbox.dat

2009-03-07 12:35 . 2009-03-09 19:06 348,404 --ahs---- c:\windows\system32\drivers\fidbox.idx

2009-03-07 12:33 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\33784768.sys

2009-03-06 18:57 . 2009-03-06 18:57 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-03-05 21:06 . 2009-03-05 21:06 0 --a------ c:\windows\system32\commonpriv.log.lock

2009-03-01 19:45 . 2009-03-01 19:45 <DIR> d-------- c:\documents and settings\Expert\Dados de aplicativos\Malwarebytes

2009-03-01 19:45 . 2009-03-01 19:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-27 21:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-08 19:25 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Grisoft(2)

2009-03-05 16:34 --------- d-----w c:\arquivos de programas\eMule

2009-02-09 23:20 --------- d-----w c:\documents and settings\Expert\Dados de aplicativos\uTorrent

2005-04-01 00:17 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2008-12-01 21:14 2,880 --sh--r c:\windows\system32\oobe\dialmgr.dat

.

 

------- Sigcheck -------

 

2008-04-13 23:21 14336 ed2d69cd4b0ebe37efe11d4dc4abc68f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\svchost.exe

2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\svchost.exe

2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\dllcache\svchost.exe

 

2008-04-13 23:20 82432 1fa3c4b2d7e35176e65fb69ab597b0f0 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ws2_32.dll

2004-08-03 23:45 82944 a5163442377d3c305bbff612f80047d7 c:\windows\system32\ws2_32.dll

2004-08-03 23:45 82944 a5163442377d3c305bbff612f80047d7 c:\windows\system32\dllcache\ws2_32.dll

 

2005-10-21 00:39 663552 49e396b88a2e6ad07b4ad87ec16ebbc8 c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll

2006-03-04 01:00 665600 0897aef03c1664f44010ff481bbac8e6 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll

2006-05-10 02:26 665600 60c78431362c31dc65c7d1dee7658ca9 c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll

2006-06-23 08:25 666624 11453709af903b3653f3cbde2b54f72c c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll

2006-09-14 05:36 666624 2eb0553ef4c52d51a52370bffce7340b c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll

2006-10-23 12:34 666624 66eac39bb74044d235e401f7447f089d c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll

2007-01-04 11:02 667136 b8b6a731fc318e2fb4e7f689b6f92631 c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll

2007-02-19 12:23 667648 5925ece8848e66691e8720cc2b839844 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll

2007-04-18 09:44 667648 c30c08ad4d59d04af165b4a2be2b14dd c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll

2007-06-26 11:37 667648 13f701d4526f965abc71129e194c3dc3 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll

2007-08-22 09:57 667648 a8d6da26a5b8c56458d2222e524d8d29 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll

2007-10-11 03:00 668160 e3ffded59daadb3055be4ad155c38ca3 c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll

2007-12-06 21:46 668160 2324e8e86733233a9435f9ea6a92b6e2 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll

2008-02-16 06:32 668160 f3ad9df6b30d5a3f67b5561109640958 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll

2008-04-21 03:57 668672 10e93d1903bc15dc94fdf5a97994b120 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll

2008-04-21 03:44 668160 1aaf9f5394ab45664147e9cd6bd58eb4 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll

2008-04-21 03:30 668672 c72070f8a201f0dde3f4a6e7a0297261 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll

2008-06-23 13:15 669184 c4fc92ee25942192a8bf7fe8d17c284e c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll

2008-06-23 12:11 668160 4e6461ec1c5296ee5f4a9f0581569563 c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll

2008-06-23 11:56 668672 e1640d81ca8d86691e3d3c5319628aae c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll

2008-08-20 02:33 669696 9de49dcd6db06b195bb6bf48fbffdad7 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll

2008-08-20 02:09 668160 89360a12db77d411b2873e130923f6b9 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll

2008-08-20 02:07 668672 6c73c1a54e445c5687ad6b721ee27ebc c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

2008-10-16 07:23 669696 abec7b8444b02d494c7780bc8bcdf44b c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll

2008-10-15 22:02 668160 5ed4af2ad048b1afb5a92e0e9ef42011 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll

2008-10-15 22:04 669184 a6506d61159aae4bc72406aae4779538 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

2004-08-03 23:45 658432 398a619ce60090303042d1f8cc68f712 c:\windows\$NtUninstallKB905915$\wininet.dll

2005-10-21 00:41 660480 e82ab5464fc403945d19c835a444c3dd c:\windows\$NtUninstallKB912812$\wininet.dll

2006-03-04 00:34 660480 b32d83faff9eb0dfbafd3333a969197f c:\windows\$NtUninstallKB916281$\wininet.dll

2006-05-10 02:24 660480 0a83ad91caf032964013596f3a3f1e19 c:\windows\$NtUninstallKB918899$\wininet.dll

2006-06-23 08:11 660992 f6b1b2a4c8020142936ee8d4874337ad c:\windows\$NtUninstallKB922760$\wininet.dll

2006-09-14 05:40 660992 6bb33ba3a9bcd958e046a46677d43b5f c:\windows\$NtUninstallKB925454$\wininet.dll

2006-10-23 12:19 660992 a39dca8851d8916237b5b0a544987fdc c:\windows\$NtUninstallKB928090$\wininet.dll

2007-01-04 10:38 660992 c1819190dc0728400719e4e92f5c9382 c:\windows\$NtUninstallKB931768$\wininet.dll

2007-02-19 12:05 660992 de2d940c31fb62f7188fb9ab86b47221 c:\windows\$NtUninstallKB933566$\wininet.dll

2007-04-18 09:32 660992 0b911d35f0a036e3ab3b0cd6b471a27d c:\windows\$NtUninstallKB937143$\wininet.dll

2007-06-26 11:09 660992 a216e806aab57eb106a4aad09d549482 c:\windows\$NtUninstallKB939653$\wininet.dll

2007-08-22 10:13 660992 32ac239cb8e687eb5be251d259a27f73 c:\windows\$NtUninstallKB942615$\wininet.dll

2007-10-11 03:13 661504 74fd6b69135af76a54245ddad4635833 c:\windows\$NtUninstallKB944533$\wininet.dll

2007-12-06 22:07 661504 6e9bddefa42886f554b115da3a7e1180 c:\windows\$NtUninstallKB947864$\wininet.dll

2008-02-16 06:03 661504 03ded0f6685b647521a61722f3991cc7 c:\windows\$NtUninstallKB950759$\wininet.dll

2008-04-21 04:02 661504 1425bf9f5c667f54f684991a15e2dbd2 c:\windows\$NtUninstallKB953838$\wininet.dll

2008-06-23 12:40 661504 2532fe667e74219ce5b61ed67e23f435 c:\windows\$NtUninstallKB956390$\wininet.dll

2008-08-20 02:37 661504 fe5247936c9bcb765fd16114303f404d c:\windows\$NtUninstallKB958215$\wininet.dll

2008-04-13 23:20 668160 df6d0f37a71883be3505dd517eb8ad83 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\wininet.dll

2008-08-26 05:11 826368 acb8649f0efdcc6d7b081e3bc213b93a c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\wininet.dll

2008-08-26 06:10 827904 cc9cd001ae0ff30d0e16a172bf39576a c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\wininet.dll

2008-10-16 17:23 826368 779479e6f38bc77831f26bd9aae3fad3 c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\wininet.dll

2008-10-16 16:33 827904 4bcd45d77bd42a5e9c2dd2e847a5467e c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\wininet.dll

2008-10-16 07:39 661504 28faee723326e23de40278c99e635ff4 c:\windows\system32\wininet.dll

2008-10-16 07:39 661504 28faee723326e23de40278c99e635ff4 c:\windows\system32\dllcache\wininet.dll

 

2005-05-25 16:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2006-01-13 14:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 07:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

2008-06-20 08:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 08:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2004-08-31 06:39 359040 7b11118b078b88f87183fe69eda43137 c:\windows\$NtUninstallKB893066$\tcpip.sys

2005-05-25 16:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys

2006-01-12 23:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys

2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys

2007-10-30 14:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys

2008-04-13 16:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\tcpip.sys

2008-06-20 07:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys

2008-06-20 07:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\drivers\tcpip.sys

 

2008-04-13 23:21 509952 71d440f79b711627b12b567fb2eadb42 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\winlogon.exe

2004-08-03 23:45 504320 6f7bde7a1126debf0cc359a54953efc1 c:\windows\system32\winlogon.exe

2004-08-03 23:45 504320 6f7bde7a1126debf0cc359a54953efc1 c:\windows\system32\dllcache\winlogon.exe

 

2008-04-13 16:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ndis.sys

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

 

2008-04-13 15:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ip6fw.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

 

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2006-12-19 15:45 2063616 cd84579bd1ea4653a0dc4de5b8aa943f c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2008-08-14 10:39 2067200 145cd2bba58988b7a2e9b910ac4d4ca4 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

2008-08-14 10:24 2070272 a62251c7c1f0dbc3241abf1985ede75e c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

2008-08-14 18:26 2070272 586a93e0c23f6a1893f6706f36b22598 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

2004-08-03 23:55 2019328 31dfe96b6b6fa4c9ca098ceaf21b29a5 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 15:08 2019328 98c8c29bb2bd2427819674062604668c c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe

2006-12-19 15:22 2019840 d2b82a353c6f9546b313f87e029f8608 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2019840 1f433c0f544a74459f035b71121a4569 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 c:\windows\Driver Cache\i386\ntkrnlpa.exe

2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

2008-08-14 10:45 2019840 64d6e5afbb154bc21a2da135dd739ca0 c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 c:\windows\system32\dllcache\ntkrnlpa.exe

 

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2006-12-19 15:45 2186240 df77102101d135739bf39a13473fcfa6 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2008-08-14 10:39 2190208 b72a025a758683552c4fec7eabcb0661 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

2008-08-14 10:24 2193408 04ba43b0d2a13bd6b06d707299243cfc c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

2008-08-14 18:26 2193408 a42cc3cfc02a7b2baec7b0d45808b257 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

2004-08-03 23:40 2152448 91448d27f6dfaf50dd1d5fd3d8c1f3bd c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 15:08 2139648 7c9e84463bf6228660898395851464e0 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

2006-12-19 15:22 2140160 aa58e5254d78d02c15d75416a153fca4 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2140160 7aacd829f2a9bb4dace70cbfc6046934 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 c:\windows\Driver Cache\i386\ntoskrnl.exe

2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

2008-08-14 10:45 2140160 a06ad42bf92bcb0386699ac1352a9045 c:\windows\system32\ntoskrnl.exe

2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 c:\windows\system32\dllcache\ntoskrnl.exe

 

2008-04-13 23:21 109056 ee7999baaca84cfaa03726e677ee2a33 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\services.exe

2004-08-03 23:45 108544 cc73c4430c2fc27fde16a0a4e3678148 c:\windows\system32\services.exe

2004-08-03 23:45 108544 cc73c4430c2fc27fde16a0a4e3678148 c:\windows\system32\dllcache\services.exe

 

2008-04-13 23:21 13312 9607142710d3b64ab7fcce4be4e30d37 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\lsass.exe

2004-08-03 23:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 c:\windows\system32\lsass.exe

2004-08-03 23:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 c:\windows\system32\dllcache\lsass.exe

 

2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

2004-08-03 23:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\system32\ctfmon.exe

2004-08-03 23:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\system32\dllcache\ctfmon.exe

 

2008-04-13 23:21 26112 a7ea40f680163808d96f89b4ff991876 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\userinit.exe

2004-08-03 23:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 c:\windows\system32\userinit.exe

2004-08-03 23:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 c:\windows\system32\dllcache\userinit.exe

 

2008-04-13 23:20 296960 0f4db70dce17b9dc1a5d835b1a5ee469 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\termsrv.dll

2004-08-03 23:45 296960 23dff6daa7565cc5802e057a6b9f585e c:\windows\system32\termsrv.dll

2004-08-03 23:45 296960 23dff6daa7565cc5802e057a6b9f585e c:\windows\system32\dllcache\termsrv.dll

 

2008-04-13 23:20 17408 c008bbc88156e0ee109c7ff445cd9555 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\powrprof.dll

2004-08-03 23:45 17408 0f81eb414de1d77dd315f4a3d324bc1e c:\windows\system32\powrprof.dll

2004-08-03 23:45 17408 0f81eb414de1d77dd315f4a3d324bc1e c:\windows\system32\dllcache\powrprof.dll

 

2008-04-13 23:20 110080 05c621eaa979d33a12f3b510ff4c6f9f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\imm32.dll

2004-08-03 23:45 110080 602b88592e0690d0dfb5e5f44a9ef820 c:\windows\system32\imm32.dll

2004-08-03 23:45 110080 602b88592e0690d0dfb5e5f44a9ef820 c:\windows\system32\dllcache\imm32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6DC87C6-3ED0-42E3-A095-B59F4DC72739}]

2009-02-26 21:52 825344 --a------ c:\windows\Sun\Java\jp2ssv.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]

"SsAAD.exe"="c:\arquiv~1\mp3\SsAAD.exe" [2006-05-08 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SiSPower"="SiSPower.dll" [2005-03-03 c:\windows\system32\SiSPower.dll]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-12-05 266240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17560:TCP"= 17560:TCP:NortonAV

"13313:TCP"= 13313:TCP:NortonAV

"13036:TCP"= 13036:TCP:NortonAV

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-27 28544]

R1 is-58H3Bdrv;is-58H3Bdrv;c:\windows\system32\drivers\33784768.sys [2009-03-07 148496]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 282904]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-03-08 902424]

S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ig.com.br/

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: p0rt2.com

DPF: Microsoft XML Parser for Java

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-09 19:14:21

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-03-09 19:17:43

ComboFix-quarantined-files.txt 2009-03-09 22:17:40

ComboFix2.txt 2009-03-09 13:39:10

ComboFix3.txt 2009-03-08 20:30:37

ComboFix4.txt 2009-03-08 16:01:41

 

Pré-execução: 19 pasta(s) 31.210.209.280 bytes disponíveis

Pós execução: 19 pasta(s) 31,225,868,288 bytes disponíveis

 

254 --- E O F --- 2009-03-06 02:51:09

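The ComboFix log above contains a Sigcheck section that lists the size and MD5 of each critical system file next to its other copies on disk: the dllcache copy, the $hf_mig$ and $NtUninstall hotfix copies, and pending Windows Update downloads. The check a practitioner makes with that section is whether the live file in system32 matches its dllcache copy, because file-infecting malware of that era patched files such as ws2_32.dll, tcpip.sys and wininet.dll in place and left the rest of the system untouched. The Python script below is an added example, not part of this thread or of ComboFix, that parses lines in that format and reports the comparison. The sample lines are copied from the log above, except the last tcpip.sys line, whose hash is a constructed value inserted to show a mismatch. The special case for ntoskrnl.exe and ntkrnlpa.exe is the example's own caveat: the installed kernel is the uniprocessor or multiprocessor build while dllcache holds the other, so those two pairs differ on a clean system (in the log above both pairs differ in size and hash yet carry the same timestamp).

```python
"""Compare the live system32 copy of each file in a ComboFix Sigcheck
section against its dllcache copy.  Added example for this thread, not
ComboFix's own logic."""
import re
from collections import defaultdict

# Lines copied from the ComboFix log in this thread.  The final tcpip.sys
# line is CONSTRUCTED: its hash was replaced with zeros to show a mismatch.
SAMPLE_SIGCHECK = r"""
2008-04-13 23:21 14336 ed2d69cd4b0ebe37efe11d4dc4abc68f c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\svchost.exe
2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\svchost.exe
2004-08-03 23:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\system32\dllcache\svchost.exe
2004-08-03 23:45 82944 a5163442377d3c305bbff612f80047d7 c:\windows\system32\ws2_32.dll
2004-08-03 23:45 82944 a5163442377d3c305bbff612f80047d7 c:\windows\system32\dllcache\ws2_32.dll
2008-08-14 10:45 2140160 a06ad42bf92bcb0386699ac1352a9045 c:\windows\system32\ntoskrnl.exe
2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 c:\windows\system32\dllcache\ntoskrnl.exe
2008-06-20 07:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 07:45 360320 00000000000000000000000000000000 c:\windows\system32\drivers\tcpip.sys
"""

# date time size md5 path
SIGCHECK_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$')

# Assumption of this example: the installed kernel is the UP or MP build
# while dllcache keeps the other, so these differ on a clean XP box.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe"}

# Copies that are not the live file and not the dllcache reference.
IGNORED_DIRS = ("\\softwaredistribution\\", "\\$hf_mig$\\", "\\$ntuninstall", "\\driver cache\\")


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            date, time_, size, md5, path = m.groups()
            entries.append({"date": date, "time": time_, "size": int(size),
                            "md5": md5, "path": path.lower()})
    return entries


def pair_live_and_cache(entries):
    """Group entries by file name into {'live': ..., 'cache': ...}."""
    by_name = defaultdict(dict)
    for e in entries:
        path = e["path"]
        name = path.rsplit("\\", 1)[-1]
        if "\\dllcache\\" in path:          # must be tested before the system32 prefix
            by_name[name]["cache"] = e
        elif any(d in path for d in IGNORED_DIRS):
            continue
        elif path.startswith("c:\\windows\\system32\\"):   # includes system32\drivers
            by_name[name]["live"] = e
    return by_name


def compare_sigcheck(text):
    """Return {file name: verdict string} for every file with a live copy."""
    verdicts = {}
    for name, pair in pair_live_and_cache(parse_sigcheck(text)).items():
        live, cache = pair.get("live"), pair.get("cache")
        if live is None or cache is None:
            verdicts[name] = "incomplete: only one of live/dllcache listed"
        elif live["md5"] == cache["md5"] and live["size"] == cache["size"]:
            verdicts[name] = "match"
        elif name in KERNEL_IMAGES:
            verdicts[name] = "mismatch (expected: UP/MP kernel build differs from the cached one)"
        else:
            verdicts[name] = "MISMATCH: live copy differs from dllcache, inspect it"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(compare_sigcheck(SAMPLE_SIGCHECK).items()):
        print(f"{name:16} {verdict}")
```

A match only proves the two copies agree with each other; malware that writes both copies, or a dllcache that was refreshed from an already patched file, passes this check, so a real mismatch should be followed by comparing the live hash against a known-good copy of the same version (the pending update under SoftwareDistribution is a different version and will not match either copy).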

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

c:\windows\Sun\Java\jp2ssv.dll

Registry::

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6DC87C6-3ED0-42E3-A095-B59F4DC72739}

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

 

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, located at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.


Here it is

 

 

ComboFix 09-03-04.01 - Expert 2009-03-10 9:45:46.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.991.687 [GMT -3:00]

Executando de: c:\documents and settings\Expert\Meus documentos\Downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Expert\Desktop\CFScript.txt.txt

AV: avast! antivirus 4.7.942 [VPS 000000-0] *On-access scanning disabled* (Outdated)

AV: AVG *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\Sun\Java\jp2ssv.dll

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Sun\Java\jp2ssv.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))

.

 

2009-03-09 14:32 . 2009-03-09 14:35 <DIR> d-------- C:\LinhaDefensiva

2009-03-07 12:35 . 2009-03-10 09:48 36,937,760 --ahs---- c:\windows\system32\drivers\fidbox.dat

2009-03-07 12:35 . 2009-03-09 23:37 417,572 --ahs---- c:\windows\system32\drivers\fidbox.idx

2009-03-07 12:33 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\33784768.sys

2009-03-06 18:57 . 2009-03-06 18:57 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-03-05 21:06 . 2009-03-05 21:06 0 --a------ c:\windows\system32\commonpriv.log.lock

2009-03-01 19:45 . 2009-03-01 19:45 <DIR> d-------- c:\documents and settings\Expert\Dados de aplicativos\Malwarebytes

2009-03-01 19:45 . 2009-03-01 19:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-27 21:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-09 23:49 --------- d-----w c:\arquivos de programas\Cia. do Software

2009-03-08 19:25 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Grisoft(2)

2009-03-05 16:34 --------- d-----w c:\arquivos de programas\eMule

2009-02-09 23:20 --------- d-----w c:\documents and settings\Expert\Dados de aplicativos\uTorrent

2005-04-01 00:17 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2008-12-01 21:14 2,880 --sh--r c:\windows\system32\oobe\dialmgr.dat

.

 

------- Sigcheck -------

 


.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]

"SsAAD.exe"="c:\arquiv~1\mp3\SsAAD.exe" [2006-05-08 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SiSPower"="SiSPower.dll" [2005-03-03 c:\windows\system32\SiSPower.dll]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-12-05 266240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Expert^Menu Iniciar^Programas^Inicializar^is-58H3B.lnk]

path=c:\documents and settings\Expert\Menu Iniciar\Programas\Inicializar\is-58H3B.lnk

backup=c:\windows\pss\is-58H3B.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"avg8wd"=2 (0x2)

"avg8emc"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17560:TCP"= 17560:TCP:NortonAV

"13313:TCP"= 13313:TCP:NortonAV

"13036:TCP"= 13036:TCP:NortonAV

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-27 28544]

R1 is-58H3Bdrv;is-58H3Bdrv;c:\windows\system32\drivers\33784768.sys [2009-03-07 148496]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]

S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S4 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe --> c:\arquiv~1\AVG\AVG8\avgemc.exe [?]

S4 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{B6DC87C6-3ED0-42E3-A095-B59F4DC72739} - c:\windows\Sun\Java\jp2ssv.dll

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ig.com.br/

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: p0rt2.com

DPF: Microsoft XML Parser for Java

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-10 09:48:10

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-03-10 9:50:58

ComboFix-quarantined-files.txt 2009-03-10 12:50:55

ComboFix2.txt 2009-03-09 22:17:47

ComboFix3.txt 2009-03-09 13:39:10

ComboFix4.txt 2009-03-08 20:30:37

ComboFix5.txt 2009-03-10 12:44:49

 

Pré-execução: 19 pasta(s) 31.238.742.016 bytes disponíveis

Pós execução: 19 pasta(s) 31,240,925,184 bytes disponíveis

 

266 --- E O F --- 2009-03-06 02:51:09

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:51:31, on 10/03/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Expert\Meus documentos\WinRAR.exe

C:\DOCUME~1\Expert\CONFIG~1\Temp\Rar$EX00.469\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ssAAD.exe] C:\ARQUIV~1\mp3\SsAAD.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.p0rt2.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 6097 bytes


The log is clean.

 

- I recommend doing maintenance on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

◘ Click Save and, when the download is finished, install it;

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix selected issues.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
