Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

josé pimpolho

[Arquivado] Browser travando ao abrir tópico

Recommended Posts

Olá, criei este post: http://forum.imasters.com.br/index.php?/topic/374106-trojan-no-atapi-sys/

porém, depois que postei o log do hijack, sempre que abro o tópico o browser trava e não consigo vê-lo. Já tentei abrir com outros browsers, mas acontece a mesma coisa.

Se possível, eu gostaria que fosse postado novamente aqui o que foi postado lá no outro tópico após o envio do log

 

Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, criei este post: http://forum.imasters.com.br/index.php?/topic/374106-trojan-no-atapi-sys/

porém, depois que postei o log do hijack, sempre que abro o tópico o browser trava e não consigo vê-lo. Já tentei abrir com outros browsers, mas acontece a mesma coisa.

Se possível, eu gostaria que fosse postado novamente aqui o que foi postado lá no outro tópico após o envio do log

 

Obrigado

 

Concordo plenamente...seu tópico está travando o browser.

 

 

Vamos continuar por aqui.

 

*Desative temporariamente seu antivírus

 

Iniciar > Programas > AVG

Abra a Interface do usuário do AVG

Clique duas vezes na Proteção Residente

Desmarque a opção "Proteção Residente ativa"

Salve as alterações

*Baixe o ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

 

CF1.jpg

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix irá continuar o processo automaticamente. Caso não esteja uma janela, conforme abaixo, será aberta. Clique em [sIM] para aceitar a instalação do mesmo.

 

recovery-console-prompt.jpg

 

*Após a instalação, clique em [sIM] para continuar.

 

recovery-console-installed.jpg

 

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente

 

*Cole o relatório criado em C:\combofix.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 09-12-08.03 - adm 08/12/2009 23:00:11.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1408 [GMT -3:00]

Executando de: c:\documents and settings\adm\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\java\jre1.6.0\bin\applet\jvm\services.exe

c:\windows\java\jre1.6.0\bin\jbroker.exe

c:\windows\system32\2158743776.dat

c:\windows\system32\av_md.exe

c:\windows\system32\config\systemprofile\av_md.exe

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\tmp62.tmp

c:\windows\system32\tmp63.tmp

c:\windows\system32\vbbho.tlb

c:\windows\Sysvxd.exe

E:\install.exe

 

A cópia de c:\windows\system32\Drivers\atapi.sys foi encontrada e desinfectada

Cópia restaurada de - c:\windows\ServicePackFiles\i386\atapi.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_AVG8WDPOLICYAGENT

-------\Service_avg8wdPolicyAgent

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-09 to 2009-12-09 ))))))))))))))))))))))))))))

.

 

2009-12-08 14:52 . 2009-12-08 14:53 -------- d-----w- C:\HiJack

2009-12-07 00:11 . 2009-12-07 00:12 -------- d-----w- c:\arquivos de programas\hijack

2009-12-06 08:48 . 2009-12-06 08:48 164 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2009-12-04 21:19 . 2009-12-08 19:24 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Bioshock

2009-12-04 21:04 . 2009-12-04 21:04 -------- d-----w- c:\arquivos de programas\2K Games

2009-11-26 14:54 . 2009-11-26 14:54 -------- d-----w- C:\BrowserPlusPlugins

2009-11-26 12:19 . 2009-11-10 11:19 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-20 15:28 . 2009-11-20 15:28 85012 ----a-w- c:\windows\system32\Nuncalev.zip

2009-11-20 00:58 . 2009-11-20 00:58 53760 ----a-w- c:\windows\system32\zlib.dll

2009-11-20 00:58 . 2009-11-20 00:58 45056 --sh--w- c:\windows\system32\Mdtc.exe

2009-11-20 00:58 . 2009-11-20 00:58 40960 ----a-w- c:\windows\system32\shdocwv.dll

2009-11-20 00:58 . 2009-10-30 05:51 249856 ----a-w- c:\windows\system32\Nuncalev.exe

2009-11-11 03:28 . 2009-11-11 03:28 247280 ----a-w- c:\documents and settings\adm\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-09 02:06 . 2009-03-06 05:03 -------- d-----w- c:\arquivos de programas\Steam

2009-12-08 19:48 . 2009-10-27 15:22 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\HPAppData

2009-12-06 08:48 . 2009-12-06 08:48 16 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\fvgqad.dat

2009-12-06 08:48 . 2009-12-06 08:48 4 ----a-w- c:\documents and settings\adm\Dados de aplicativos\avdrn.dat

2009-12-06 08:02 . 2009-03-07 05:07 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\uTorrent

2009-12-04 21:04 . 2009-04-28 04:13 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-02 23:12 . 2009-03-10 00:23 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Skype

2009-12-02 19:02 . 2009-03-26 09:46 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\skypePM

2009-12-01 22:29 . 2009-12-01 22:27 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-21 23:50 . 2009-03-25 09:31 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Audacity

2009-11-14 23:32 . 2009-03-07 06:28 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-11-10 23:05 . 2009-09-18 20:20 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-10 18:31 . 2009-05-06 18:24 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\U3

2009-11-09 18:00 . 2009-12-01 22:27 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-04 02:07 . 2009-11-04 02:07 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\runic games

2009-11-04 02:02 . 2009-11-04 02:02 -------- d-----w- c:\arquivos de programas\Runic Games

2009-11-03 12:38 . 2001-10-28 12:07 77558 ----a-w- c:\windows\system32\perfc016.dat

2009-11-03 12:38 . 2001-10-28 12:07 466718 ----a-w- c:\windows\system32\perfh016.dat

2009-10-30 17:26 . 2009-10-30 17:26 -------- d-----w- c:\arquivos de programas\DIFX

2009-10-30 17:26 . 2009-07-10 04:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-10-26 21:13 . 2009-10-26 21:13 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\HP

2009-10-26 21:00 . 2009-10-26 21:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2009-10-26 21:00 . 2009-10-26 20:42 167933 ----a-w- c:\windows\hphins27.dat

2009-10-26 20:52 . 2009-10-26 20:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2009-10-26 20:52 . 2009-10-26 20:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-26 20:52 . 2009-05-09 15:35 -------- d-----w- c:\arquivos de programas\HP

2009-10-26 20:51 . 2009-10-26 20:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2009-10-26 20:49 . 2009-10-26 20:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2009-10-15 22:51 . 2009-10-13 01:07 -------- d-----w- c:\arquivos de programas\Max Payne

2009-10-14 21:53 . 2009-10-14 18:27 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\GetRightToGo

2009-10-06 00:15 . 2009-10-06 00:11 1925024 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player.exe

2009-09-23 16:11 . 2009-09-23 16:11 152576 ----a-w- c:\documents and settings\adm\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2009-09-18 15:15 . 2009-09-18 15:15 15240 ----a-w- c:\documents and settings\adm\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6667A8-BA4F-4F9E-BBB0-4F8AB0988C80}]

2009-11-20 00:58 40960 ----a-w- c:\windows\system32\shdocwv.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Steam"="c:\arquivos de programas\Steam\Steam.exe" [2009-10-26 1217808]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"Google Update"="c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-08-05 133104]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]

"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]

"RoxWatchTray"="c:\arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"MessengerPlus10"="c:\windows\system32\Mdtc.exe" [2009-11-20 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-20 13:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\alaplaya\\S4League\\S4Client.exe"=

"c:\\Documents and Settings\\adm\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\adm\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\adm\\Desktop\\Worms Armageddon Final Rip by KirA\\Worms Armageddon Full 36290 by KirA\\WA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"59014:TCP"= 59014:TCP:Pando Media Booster

"59014:UDP"= 59014:UDP:Pando Media Booster

 

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/4/2009 15:19 717296]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 19:52 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 19:52 108552]

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\arquivos de programas\ASTRA32\astra32.sys [22/2/2007 11:28 30864]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [7/3/2009 14:09 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [7/3/2009 14:09 297752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 193.171.32.6:80

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\adm\Dados de aplicativos\Mozilla\Firefox\Profiles\kewugjr1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.diginet.com.br/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\browserplusplugins\86bc4f9b9ecf7af66ff436884d6f1650\npybrowserplus_2.4.21.dll

FF - plugin: c:\documents and settings\adm\Dados de aplicativos\Mozilla\Firefox\Profiles\kewugjr1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\documents and settings\adm\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

AddRemove-LimitRO Small Client - c:\arquivos de programas\Gravity\Cópia de RO\uninst.exe

AddRemove-Soldat_is1 - c:\soldat\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-08 23:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdl.sys >>UNKNOWN [0x89E05938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28

\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8

\Driver\atapi -> atapi.sys @ 0xb7dfcb40

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d05bb0

PacketIndicateHandler -> NDIS.sys @ 0xb7d12a21

SendHandler -> NDIS.sys @ 0xb7cf087b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1659004503-1644491937-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:4f,4c,97,2b,8d,d2,aa,a7,f1,e0,a0,4a,94,f6,c2,d2,6d,db,90,5c,71,5e,f0,

e0,0e,1a,58,45,7a,69,ce,d5,31,22,a7,cd,2c,b3,c9,78,e0,b6,cd,06,16,63,5b,fa,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_USERS\S-1-5-21-1659004503-1644491937-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:40,87,fe,12,31,0c,2a,0a,86,a8,fc,97,4b,74,60,c5,78,51,ff,e5,09,

e8,da,a5,ca,88,e7,e7,8f,42,b8,fd,de,8a,29,8f,2b,af,4c,c9,c4,b0,72,71,88,77,\

"rkeysecu"=hex:57,52,1d,79,5f,2e,e8,36,07,d5,58,f9,cd,9b,02,4c

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\RealVNC\VNC4\WinVNC4.exe

c:\arquiv~1\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-08 23:09:26 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-09 02:09

 

Pré-execução: 11 pasta(s) 19.219.292.160 bytes disponíveis

Pós execução: 14 pasta(s) 20.025.442.304 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - BB71040510E48F5320EC259F10298110

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia josé pimpolho

Envie os arquivos abaixo, um por vez, para análise em http://virscan.org

 

c:\windows\system32\Nuncalev.exe

c:\windows\system32\Mdtc.exe

 

Cole os links contendo os resultados.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite jose pimpolho

 

1.

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

c:\windows\system32\fjhdyfhsn.bat

c:\windows\system32\Nuncalev.zip

c:\windows\system32\Nuncalev.exe

c:\documents and settings\NetworkService\Dados de aplicativos\fvgqad.dat

c:\documents and settings\adm\Dados de aplicativos\avdrn.dat

FileLook::

c:\windows\system32\Mdtc.exe

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

CFScript.gif

 

*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

 

 

*Cole o relatório criado em C:\combofix.txt e novo log do hijack

Compartilhar este post


Link para o post
Compartilhar em outros sites

primeiro postarei o log do combofix para o post n ficar tão grande, em seguida, postarei o do hijack:

 

ComboFix 09-12-09.04 - adm 10/12/2009 2:52.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1611 [GMT -3:00]

Executando de: c:\documents and settings\adm\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\adm\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\documents and settings\adm\Dados de aplicativos\avdrn.dat"

"c:\documents and settings\NetworkService\Dados de aplicativos\fvgqad.dat"

"c:\windows\system32\fjhdyfhsn.bat"

"c:\windows\system32\Nuncalev.exe"

"c:\windows\system32\Nuncalev.zip"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\adm\Dados de aplicativos\avdrn.dat

c:\documents and settings\NetworkService\Dados de aplicativos\fvgqad.dat

c:\windows\system32\fjhdyfhsn.bat

c:\windows\system32\Nuncalev.exe

c:\windows\system32\Nuncalev.zip

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-10 to 2009-12-10 ))))))))))))))))))))))))))))

.

 

2009-12-10 05:33 . 2009-12-10 05:33 -------- d-----w- C:\Nostale(UK)

2009-12-09 02:12 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-12-09 02:12 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2009-12-08 14:52 . 2009-12-08 14:53 -------- d-----w- C:\HiJack

2009-12-07 00:11 . 2009-12-07 00:12 -------- d-----w- c:\arquivos de programas\hijack

2009-12-04 21:19 . 2009-12-10 00:25 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Bioshock

2009-12-04 21:04 . 2009-12-04 21:04 -------- d-----w- c:\arquivos de programas\2K Games

2009-11-26 14:54 . 2009-11-26 14:54 -------- d-----w- C:\BrowserPlusPlugins

2009-11-26 12:19 . 2009-11-10 11:19 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-20 00:58 . 2009-11-20 00:58 53760 ----a-w- c:\windows\system32\zlib.dll

2009-11-20 00:58 . 2009-11-20 00:58 45056 --sh--w- c:\windows\system32\Mdtc.exe

2009-11-20 00:58 . 2009-11-20 00:58 40960 ----a-w- c:\windows\system32\shdocwv.dll

2009-11-11 03:28 . 2009-11-11 03:28 247280 ----a-w- c:\documents and settings\adm\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-10 05:49 . 2009-03-06 05:03 -------- d-----w- c:\arquivos de programas\Steam

2009-12-09 02:52 . 2009-10-27 15:22 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\HPAppData

2009-12-06 08:02 . 2009-03-07 05:07 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\uTorrent

2009-12-04 21:04 . 2009-04-28 04:13 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-02 23:12 . 2009-03-10 00:23 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Skype

2009-12-02 19:02 . 2009-03-26 09:46 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\skypePM

2009-12-01 22:29 . 2009-12-01 22:27 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-21 23:50 . 2009-03-25 09:31 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Audacity

2009-11-14 23:32 . 2009-03-07 06:28 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-11-10 23:05 . 2009-09-18 20:20 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-10 18:31 . 2009-05-06 18:24 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\U3

2009-11-09 18:00 . 2009-12-01 22:27 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-04 02:07 . 2009-11-04 02:07 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\runic games

2009-11-04 02:02 . 2009-11-04 02:02 -------- d-----w- c:\arquivos de programas\Runic Games

2009-11-03 12:38 . 2001-10-28 12:07 77558 ----a-w- c:\windows\system32\perfc016.dat

2009-11-03 12:38 . 2001-10-28 12:07 466718 ----a-w- c:\windows\system32\perfh016.dat

2009-10-30 17:26 . 2009-10-30 17:26 -------- d-----w- c:\arquivos de programas\DIFX

2009-10-30 17:26 . 2009-07-10 04:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-10-26 21:13 . 2009-10-26 21:13 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\HP

2009-10-26 21:00 . 2009-10-26 21:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2009-10-26 21:00 . 2009-10-26 20:42 167933 ----a-w- c:\windows\hphins27.dat

2009-10-26 20:52 . 2009-10-26 20:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2009-10-26 20:52 . 2009-10-26 20:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-26 20:52 . 2009-05-09 15:35 -------- d-----w- c:\arquivos de programas\HP

2009-10-26 20:51 . 2009-10-26 20:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2009-10-26 20:49 . 2009-10-26 20:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2009-10-15 22:51 . 2009-10-13 01:07 -------- d-----w- c:\arquivos de programas\Max Payne

2009-10-14 21:53 . 2009-10-14 18:27 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\GetRightToGo

2009-10-06 00:15 . 2009-10-06 00:11 1925024 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player.exe

2009-09-23 16:11 . 2009-09-23 16:11 152576 ----a-w- c:\documents and settings\adm\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2009-09-18 15:15 . 2009-09-18 15:15 15240 ----a-w- c:\documents and settings\adm\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

--- c:\windows\system32\Mdtc.exe ---

Company: Microsoft Corporation ©

File Description: ------

File Version: 1.00

Product Name: MsnMon

Copyright: ------

Original Filename: Msn.exe

File size: 45056

Created time: 2009-11-20 00:58

Modified time: 2009-11-20 00:58

MD5: 9144584987C6E6DBF202BD8635FF9627

SHA1: D762BE7130E707876E4755B15D3D229C4C121230

 

 

((((((((((((((((((((((((((((( SnapShot@2009-12-09_02.06.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-10 05:50 . 2009-12-10 05:50 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat

+ 2009-03-04 21:40 . 2009-08-06 22:24 44768 c:\windows\system32\wups2.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 35552 c:\windows\system32\wups.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 53472 c:\windows\system32\wuauclt.exe

+ 2009-12-09 02:12 . 2009-08-06 22:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll

+ 2009-12-09 02:12 . 2009-08-06 22:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 35552 c:\windows\system32\dllcache\wups.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 53472 c:\windows\system32\dllcache\wuauclt.exe

+ 2004-08-04 03:45 . 2009-08-06 22:24 96480 c:\windows\system32\dllcache\cdm.dll

+ 2004-08-04 03:45 . 2009-08-06 22:24 96480 c:\windows\system32\cdm.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 209632 c:\windows\system32\wuweb.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 327896 c:\windows\system32\wucltui.dll

+ 2009-03-04 19:42 . 2009-08-06 22:23 575704 c:\windows\system32\wuapi.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 209632 c:\windows\system32\dllcache\wuweb.dll

+ 2009-03-04 19:42 . 2009-08-06 22:24 327896 c:\windows\system32\dllcache\wucltui.dll

+ 2009-03-04 19:42 . 2009-08-06 22:23 575704 c:\windows\system32\dllcache\wuapi.dll

+ 2009-03-04 19:42 . 2009-08-06 22:23 1929952 c:\windows\system32\wuaueng.dll

+ 2009-03-04 19:42 . 2009-08-06 22:23 1929952 c:\windows\system32\dllcache\wuaueng.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6667A8-BA4F-4F9E-BBB0-4F8AB0988C80}]

2009-11-20 00:58 40960 ----a-w- c:\windows\system32\shdocwv.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\arquivos de programas\Steam\Steam.exe -silent" [X]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe -autorun" [X]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Google Update"="c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-08-05 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe -atboottime" [X]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]

"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]

"RoxWatchTray"="c:\arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"MessengerPlus10"="c:\windows\system32\Mdtc.exe" [2009-11-20 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-20 13:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\alaplaya\\S4League\\S4Client.exe"=

"c:\\Documents and Settings\\adm\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\adm\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\adm\\Desktop\\Worms Armageddon Final Rip by KirA\\Worms Armageddon Full 36290 by KirA\\WA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"59014:TCP"= 59014:TCP:Pando Media Booster

"59014:UDP"= 59014:UDP:Pando Media Booster

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 19:52 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 19:52 108552]

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\arquivos de programas\ASTRA32\astra32.sys [22/2/2007 11:28 30864]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [7/3/2009 14:09 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [7/3/2009 14:09 297752]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/4/2009 15:19 717296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 193.171.32.6:80

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\adm\Dados de aplicativos\Mozilla\Firefox\Profiles\kewugjr1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.diginet.com.br/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\browserplusplugins\86bc4f9b9ecf7af66ff436884d6f1650\npybrowserplus_2.4.21.dll

FF - plugin: c:\documents and settings\adm\Dados de aplicativos\Mozilla\Firefox\Profiles\kewugjr1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\documents and settings\adm\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-10 02:57

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1659004503-1644491937-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e1,8c,7a,c6,ae,7b,48,df,5b,ee,c0,76,f5,c8,25,cd,c8,df,e2,3a,3a,8f,36,

4b,8b,6f,fe,62,00,a1,4d,05,03,5e,33,80,23,66,a3,ab,3b,84,9e,34,c4,82,7d,db,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_USERS\S-1-5-21-1659004503-1644491937-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:40,87,fe,12,31,0c,2a,0a,86,a8,fc,97,4b,74,60,c5,78,51,ff,e5,09,

e8,da,a5,ca,88,e7,e7,8f,42,b8,fd,de,8a,29,8f,2b,af,4c,c9,c4,b0,72,71,88,77,\

"rkeysecu"=hex:57,52,1d,79,5f,2e,e8,36,07,d5,58,f9,cd,9b,02,4c

.

Tempo para conclusão: 2009-12-10 02:58:25

ComboFix-quarantined-files.txt 2009-12-10 05:58

ComboFix2.txt 2009-12-09 02:09

 

Pré-execução: 14 pasta(s) 22.088.785.920 bytes disponíveis

Pós execução: 15 pasta(s) 22.062.325.760 bytes disponíveis

 

- - End Of File - - 8F348AF96792EB384B2A182296D23423

Compartilhar este post


Link para o post
Compartilhar em outros sites

log do hijack:

 

                         $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$                         º                                    º                                     hjtscanlist v2.0                                      º                                    º                         $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows XP [versão 5.1.2600]  C:  10/12/2009 03:05      C:\WINDOWS --------- 0   10/12/2009 03:04      C:\Config.Msi --------- 0   10/12/2009 02:58      C:\Qoobox --------- 0   10/12/2009 02:58      C:\ComboFix.txt --------- 17379         C:\pagefile.sys ---------    10/12/2009 02:33      C:\Nostale(UK) --------- 0   10/12/2009 02:32      C:\$AVG8.VAULT$ --------- 0   08/12/2009 22:58      C:\boot.ini --------- 293   08/12/2009 22:58      C:\cmdcons --------- 0   08/12/2009 11:53      C:\HiJack --------- 0   06/12/2009 21:15      C:\Arquivos de programas --------- 0   29/11/2009 16:31      C:\dump_dvd.vob --------- 0   26/11/2009 11:54      C:\BrowserPlusPlugins --------- 0   30/10/2009 14:26      C:\Boot.bak --------- 223   14/10/2009 18:48      C:\Gravity --------- 0   15/09/2009 14:20      C:\NVIDIA --------- 0   14/09/2009 21:43      C:\sqmdata19.sqm --------- 268   14/09/2009 21:43      C:\sqmnoopt19.sqm --------- 244   31/08/2009 11:50      C:\sqmdata18.sqm --------- 268   31/08/2009 11:50      C:\sqmnoopt18.sqm --------- 244   17/08/2009 18:10      C:\MSDOS.INF --------- 1   17/08/2009 18:10      C:\pagefile.log --------- 17   16/08/2009 16:37      C:\sqmnoopt17.sqm --------- 244   16/08/2009 16:37      C:\sqmdata17.sqm --------- 268   16/08/2009 12:51      C:\sqmdata16.sqm --------- 268   16/08/2009 12:51      C:\sqmnoopt16.sqm --------- 244   15/08/2009 13:32      C:\sqmdata15.sqm --------- 232   15/08/2009 13:32      C:\sqmnoopt15.sqm --------- 244   01/08/2009 13:15      C:\sqmdata14.sqm --------- 268   01/08/2009 13:15      C:\sqmnoopt14.sqm --------- 244   17/07/2009 15:18      C:\sqmdata13.sqm --------- 268   17/07/2009 15:18      C:\sqmnoopt13.sqm --------- 244   20/05/2009 12:31      C:\sqmdata12.sqm --------- 232   20/05/2009 12:31      C:\sqmnoopt12.sqm --------- 244   18/05/2009 03:45      C:\temp --------- 0   06/05/2009 11:45      C:\sqmdata11.sqm --------- 268   06/05/2009 11:45      C:\sqmnoopt11.sqm --------- 244   28/03/2009 06:06      C:\logwmemory.bin --------- 0   23/03/2009 22:57      C:\sqmdata10.sqm --------- 268   23/03/2009 22:57      C:\sqmnoopt10.sqm --------- 244   22/03/2009 10:56      C:\sqmdata09.sqm --------- 268   22/03/2009 10:56      C:\sqmnoopt09.sqm --------- 244   22/03/2009 10:45      C:\sqmnoopt08.sqm --------- 244   22/03/2009 10:45      C:\sqmdata08.sqm --------- 268   21/03/2009 12:56      C:\sqmdata07.sqm --------- 268   21/03/2009 12:56      C:\sqmnoopt07.sqm --------- 244   21/03/2009 12:22      C:\sqmdata06.sqm --------- 268   21/03/2009 12:22      C:\sqmnoopt06.sqm --------- 244   21/03/2009 12:03      C:\sqmdata05.sqm --------- 268   21/03/2009 12:03      C:\sqmnoopt05.sqm --------- 244   21/03/2009 09:22      C:\sqmdata04.sqm --------- 268   21/03/2009 09:22      C:\sqmnoopt04.sqm --------- 244   20/03/2009 23:45      C:\sqmdata03.sqm --------- 268   20/03/2009 23:45      C:\sqmnoopt03.sqm --------- 244   20/03/2009 23:15      C:\sqmdata02.sqm --------- 268   20/03/2009 23:15      C:\sqmnoopt02.sqm --------- 244   20/03/2009 09:13      C:\sqmdata01.sqm --------- 268   20/03/2009 09:13      C:\sqmnoopt01.sqm --------- 244   19/03/2009 23:09      C:\sqmnoopt00.sqm --------- 244   19/03/2009 23:09      C:\sqmdata00.sqm --------- 268   04/03/2009 20:28      C:\ntldr --------- 251696   04/03/2009 19:43      C:\Globalink --------- 0   04/03/2009 19:39      C:\3_Realtek_1021 --------- 0   04/03/2009 19:30      C:\3_Realtek_1021.zip --------- 49273788   04/03/2009 17:29      C:\csb.log --------- 10   04/03/2009 16:48      C:\Documents and Settings --------- 0   04/03/2009 16:48      C:\System Volume Information --------- 0   04/03/2009 16:44      C:\MSDOS.SYS --------- 0   04/03/2009 16:44      C:\AUTOEXEC.BAT --------- 0   04/03/2009 16:44      C:\IO.SYS --------- 0   04/03/2009 16:44      C:\CONFIG.SYS --------- 0   03/08/2004 23:00      C:\cmldr --------- 261856   03/08/2004 22:38      C:\NTDETECT.COM --------- 47564   28/10/2001 09:06      C:\Bootfont.bin --------- 4952 ---------------------------------------- C:\WINDOWS  10/12/2009 03:05     C:\WINDOWS\setupapi.log --------- 839792   10/12/2009 03:05     C:\WINDOWS\KB941569.log --------- 26730   10/12/2009 03:05     C:\WINDOWS\WindowsUpdate.log --------- 1529281   10/12/2009 03:05     C:\WINDOWS\tsoc.log --------- 99517   10/12/2009 03:05     C:\WINDOWS\tabletoc.log --------- 11360   10/12/2009 03:05     C:\WINDOWS\iis6.log --------- 253043   10/12/2009 03:05     C:\WINDOWS\imsins.log --------- 1393   10/12/2009 03:05     C:\WINDOWS\ntdtcsetup.log --------- 46677   10/12/2009 03:05     C:\WINDOWS\comsetup.log --------- 80491   10/12/2009 03:05     C:\WINDOWS\ocmsn.log --------- 13056   10/12/2009 03:05     C:\WINDOWS\KB973687.log --------- 50731   10/12/2009 03:05     C:\WINDOWS\ocgen.log --------- 109153   10/12/2009 03:05     C:\WINDOWS\msgsocm.log --------- 10603   10/12/2009 03:05     C:\WINDOWS\MedCtrOC.log --------- 16285   10/12/2009 03:05     C:\WINDOWS\netfxocm.log --------- 37120   10/12/2009 03:05     C:\WINDOWS\FaxSetup.log --------- 209391   10/12/2009 03:05     C:\WINDOWS\msmqinst.log --------- 71800   10/12/2009 03:05     C:\WINDOWS\updspapi.log --------- 129132   10/12/2009 03:05     C:\WINDOWS\imsins.BAK --------- 1393   10/12/2009 03:05     C:\WINDOWS\KB950762.log --------- 49971   10/12/2009 03:05     C:\WINDOWS\KB957097.log --------- 50035   10/12/2009 03:05     C:\WINDOWS\KB958687.log --------- 49959   10/12/2009 03:05     C:\WINDOWS\KB952287.log --------- 49670   10/12/2009 03:05     C:\WINDOWS\KB973354.log --------- 49651   10/12/2009 03:05     C:\WINDOWS\KB973904.log --------- 50809   10/12/2009 03:05     C:\WINDOWS\KB967715.log --------- 57402   10/12/2009 03:05     C:\WINDOWS\KB973540.log --------- 47624   10/12/2009 03:05     C:\WINDOWS\wmsetup.log --------- 71596   10/12/2009 03:05     C:\WINDOWS\spupdsvc.log --------- 70290   10/12/2009 03:04     C:\WINDOWS\KB951066.log --------- 18216   10/12/2009 03:04     C:\WINDOWS\KB974392.log --------- 23692   10/12/2009 03:04     C:\WINDOWS\KB954459.log --------- 25148   10/12/2009 03:04     C:\WINDOWS\KB952069.log --------- 19403   10/12/2009 03:03     C:\WINDOWS\KB951748.log --------- 25814   10/12/2009 03:03     C:\WINDOWS\KB970238.log --------- 21140   10/12/2009 03:03     C:\WINDOWS\KB971486.log --------- 16777   10/12/2009 03:03     C:\WINDOWS\KB960803.log --------- 20623   10/12/2009 03:03     C:\WINDOWS\KB973815.log --------- 19931   10/12/2009 03:03     C:\WINDOWS\KB973525.log --------- 14793   10/12/2009 03:01     C:\WINDOWS\KB958644.log --------- 15305   10/12/2009 03:01     C:\WINDOWS\KB955069.log --------- 14793   10/12/2009 03:01     C:\WINDOWS\KB956802.log --------- 21482   10/12/2009 03:01     C:\WINDOWS\msxml4-KB954430-enu.LOG --------- 302788   10/12/2009 03:01     C:\WINDOWS\msxml4-KB973688-enu.LOG --------- 310866   10/12/2009 03:00     C:\WINDOWS\KB923561.log --------- 14376   10/12/2009 03:00     C:\WINDOWS\KB971961.log --------- 12684   10/12/2009 03:00     C:\WINDOWS\KB975467.log --------- 18076   10/12/2009 03:00     C:\WINDOWS\KB968389.log --------- 18412   10/12/2009 03:00     C:\WINDOWS\KB969947.log --------- 14729   10/12/2009 03:00     C:\WINDOWS\setuperr.log --------- 0   10/12/2009 02:57     C:\WINDOWS\system.ini --------- 227   10/12/2009 02:52     C:\WINDOWS\SchedLgU.Txt --------- 32456   10/12/2009 02:51     C:\WINDOWS\0.log --------- 0   10/12/2009 02:50     C:\WINDOWS\wiadebug.log --------- 159   10/12/2009 02:50     C:\WINDOWS\wiaservc.log --------- 50   10/12/2009 02:50     C:\WINDOWS\bootstat.dat --------- 2048   09/12/2009 22:54     C:\WINDOWS\PEV.exe --------- 261632   09/12/2009 17:57     C:\WINDOWS\KB952954.log --------- 6259   09/12/2009 17:57     C:\WINDOWS\KB959426.log --------- 6171   09/12/2009 17:57     C:\WINDOWS\KB960859.log --------- 6079   09/12/2009 17:57     C:\WINDOWS\KB961503.log --------- 5802   09/12/2009 17:57     C:\WINDOWS\KB974318.log --------- 5982   09/12/2009 17:57     C:\WINDOWS\KB969059.log --------- 5888   09/12/2009 17:56     C:\WINDOWS\KB961371-v2.log --------- 5791   09/12/2009 17:56     C:\WINDOWS\KB971657.log --------- 5615   09/12/2009 17:56     C:\WINDOWS\KB971557.log --------- 5521   09/12/2009 17:56     C:\WINDOWS\KB960225.log --------- 5429   09/12/2009 17:56     C:\WINDOWS\KB974112.log --------- 5342   09/12/2009 17:56     C:\WINDOWS\KB961501.log --------- 5249   09/12/2009 17:56     C:\WINDOWS\KB971633.log --------- 5164   09/12/2009 17:56     C:\WINDOWS\KB975025.log --------- 5065   09/12/2009 17:56     C:\WINDOWS\KB952004.log --------- 4985   09/12/2009 17:55     C:\WINDOWS\KB974571.log --------- 4875   09/12/2009 17:55     C:\WINDOWS\KB976325.log --------- 5193   09/12/2009 17:53     C:\WINDOWS\KB973507.log --------- 4690   09/12/2009 17:19     C:\WINDOWS\KB950974.log --------- 6966   07/12/2009 20:33     C:\WINDOWS\NeroDigital.ini --------- 116   05/12/2009 16:34     C:\WINDOWS\kaillera.ini --------- 704   15/11/2009 08:47     C:\WINDOWS\hs_err_pid3036.log --------- 10864   09/11/2009 15:00     C:\WINDOWS\avisplitter.ini --------- 38   02/11/2009 22:27     C:\WINDOWS\win.ini --------- 833   30/10/2009 14:26     C:\WINDOWS\DPINST.LOG --------- 29408   26/10/2009 18:00     C:\WINDOWS\hphins27.dat --------- 167933   26/10/2009 18:00     C:\WINDOWS\setupact.log --------- 186894   25/10/2009 06:11     C:\WINDOWS\MBR.exe --------- 77312   23/10/2009 12:53     C:\WINDOWS\ModemLog_Modem padrão.txt --------- 4650   18/10/2009 14:11     C:\WINDOWS\DirectX.log --------- 504178   16/10/2009 20:31     C:\WINDOWS\WA.INI --------- 122   17/09/2009 23:15     C:\WINDOWS\KB954708.log --------- 610   10/09/2009 14:27     C:\WINDOWS\COM+.log --------- 1566   10/07/2009 01:32     C:\WINDOWS\DIFx.log --------- 2705   25/06/2009 21:07     C:\WINDOWS\popcinfot.dat --------- 25   19/05/2009 03:59     C:\WINDOWS\wiaservim.log --------- 16   09/05/2009 12:38     C:\WINDOWS\hpoins04.dat --------- 103511   09/05/2009 12:38     C:\WINDOWS\hpoins04.dat.temp --------- 103511   08/05/2009 00:05     C:\WINDOWS\ReVoltX.ini --------- 1038   21/04/2009 15:29     C:\WINDOWS\xpsp1hfm.log --------- 1074   21/04/2009 15:25     C:\WINDOWS\WMSysPr9.prx --------- 316640   20/04/2009 12:56     C:\WINDOWS\NIRCMD.exe --------- 31232   15/04/2009 16:39     C:\WINDOWS\IE4 Error Log.txt --------- 2009   09/03/2009 22:17     C:\WINDOWS\HideWin.exe --------- 319488   05/03/2009 17:26     C:\WINDOWS\nsreg.dat --------- 0   04/03/2009 20:38     C:\WINDOWS\OEWABLog.txt --------- 1186   04/03/2009 20:37     C:\WINDOWS\DtcInstall.log --------- 359   04/03/2009 20:36     C:\WINDOWS\spupdsvc.log.1.log --------- 187   04/03/2009 20:33     C:\WINDOWS\svcpack.log --------- 529397   04/03/2009 20:32     C:\WINDOWS\cmsetacl.log --------- 373   04/03/2009 20:32     C:\WINDOWS\sessmgr.setup.log --------- 1281   04/03/2009 19:48     C:\WINDOWS\ODBC.INI --------- 421   04/03/2009 19:43     C:\WINDOWS\vminst.log --------- 2081   04/03/2009 19:41     C:\WINDOWS\iun3404.exe --------- 216064   04/03/2009 19:39     C:\WINDOWS\KB898461.log --------- 6964   04/03/2009 19:39     C:\WINDOWS\KB892130.log --------- 4608   04/03/2009 17:29     C:\WINDOWS\KB835221.log --------- 10042   04/03/2009 16:47     C:\WINDOWS\REGLOCS.OLD --------- 8192   04/03/2009 16:44     C:\WINDOWS\control.ini --------- 0   04/03/2009 16:44     C:\WINDOWS\ODBCINST.INI --------- 4205   04/03/2009 16:43     C:\WINDOWS\WindowsShell.Manifest --------- 749   04/03/2009 16:42     C:\WINDOWS\vb.ini --------- 36   04/03/2009 16:42     C:\WINDOWS\vbaddin.ini --------- 37   04/03/2009 13:39     C:\WINDOWS\Sti_Trace.log --------- 0   04/03/2009 13:37     C:\WINDOWS\regopt.log --------- 1282   09/09/2008 18:39     C:\WINDOWS\RTHDCPL.EXE --------- 16851968   19/08/2008 13:26     C:\WINDOWS\SOUNDMAN.EXE --------- 77824   06/08/2008 15:51     C:\WINDOWS\RtlUpd.exe --------- 1200128   19/06/2008 16:42     C:\WINDOWS\ALCWZRD.EXE --------- 2808832   19/06/2008 16:27     C:\WINDOWS\RTLCPL.EXE --------- 9715200   19/06/2008 16:20     C:\WINDOWS\ALCMTR.EXE --------- 57344   13/04/2008 23:21     C:\WINDOWS\winhlp32.exe --------- 287744   13/04/2008 23:21     C:\WINDOWS\slrundll.exe --------- 32866   13/04/2008 23:21     C:\WINDOWS\regedit.exe --------- 150528   13/04/2008 23:21     C:\WINDOWS\notepad.exe --------- 70144   13/04/2008 23:21     C:\WINDOWS\hh.exe --------- 10752   13/04/2008 23:20     C:\WINDOWS\explorer.exe --------- 1035776   13/04/2008 23:20     C:\WINDOWS\twain_32.dll --------- 50688   12/12/2007 21:04     C:\WINDOWS\hphmdl27.dat --------- 787   20/11/2007 18:15     C:\WINDOWS\SkyTel.exe --------- 1826816   28/06/2007 16:44     C:\WINDOWS\MicCal.exe --------- 2165760   27/03/2007 14:16     C:\WINDOWS\wmprfptb.prx --------- 33694   28/12/2006 16:01     C:\WINDOWS\002697_.tmp --------- 19569   14/07/2006 16:29     C:\WINDOWS\UNNeroMediaHome.exe --------- 966656   14/07/2006 16:29     C:\WINDOWS\UNNeroShowTime.exe --------- 966656   14/07/2006 16:29     C:\WINDOWS\UNNeroBackItUp.exe --------- 966656   14/07/2006 16:29     C:\WINDOWS\UNRecode.exe --------- 966656   14/07/2006 16:29     C:\WINDOWS\UNNeroVision.exe --------- 966656   15/09/2005 13:35     C:\WINDOWS\UNNeroMediaHome.cfg --------- 50   30/08/2005 20:37     C:\WINDOWS\UNNeroVision.cfg --------- 50   30/08/2005 20:37     C:\WINDOWS\UNNeroShowTime.cfg --------- 50   30/08/2005 20:36     C:\WINDOWS\UNRecode.cfg --------- 50   30/08/2005 20:33     C:\WINDOWS\UNNeroBackItUp.cfg --------- 50   04/08/2004 01:40     C:\WINDOWS\SET3.tmp --------- 1014492   04/08/2004 01:34     C:\WINDOWS\SET8.tmp --------- 14043   04/08/2004 01:31     C:\WINDOWS\SET4.tmp --------- 1086058   22/06/2004 09:09     C:\WINDOWS\hpomdl04.dat.temp --------- 17176   22/06/2004 09:09     C:\WINDOWS\hpomdl04.dat --------- 17176   18/02/2002 10:23     C:\WINDOWS\setdebug.exe --------- 46352   18/02/2002 07:35     C:\WINDOWS\jautoexp.dat --------- 6550   28/10/2001 09:07     C:\WINDOWS\Tapete.bmp --------- 9522   28/10/2001 09:07     C:\WINDOWS\_default.pif --------- 707   28/10/2001 09:07     C:\WINDOWS\winhelp.exe --------- 304000   28/10/2001 09:07     C:\WINDOWS\winnt256.bmp --------- 48680   28/10/2001 09:07     C:\WINDOWS\winnt.bmp --------- 48680   28/10/2001 09:07     C:\WINDOWS\vmmreg32.dll --------- 18944   28/10/2001 09:07     C:\WINDOWS\twain.dll --------- 94832   28/10/2001 09:07     C:\WINDOWS\twunk_32.exe --------- 25600   28/10/2001 09:07     C:\WINDOWS\twunk_16.exe --------- 49680   28/10/2001 09:07     C:\WINDOWS\TASKMAN.EXE --------- 15360   28/10/2001 09:07     C:\WINDOWS\desktop.ini --------- 2   28/10/2001 09:07     C:\WINDOWS\Deserto.bmp --------- 65832   28/10/2001 09:07     C:\WINDOWS\Leques.bmp --------- 26680   28/10/2001 09:07     C:\WINDOWS\Rododentro.bmp --------- 17362   28/10/2001 09:07     C:\WINDOWS\Bruma.bmp --------- 65954   28/10/2001 09:07     C:\WINDOWS\msdfmap.ini --------- 1405   28/10/2001 09:06     C:\WINDOWS\Areia.bmp --------- 26582   28/10/2001 09:06     C:\WINDOWS\Pescaria.bmp --------- 17336   28/10/2001 09:06     C:\WINDOWS\explorer.scf --------- 80   28/10/2001 09:06     C:\WINDOWS\Seda.bmp --------- 16730   28/10/2001 09:06     C:\WINDOWS\clock.avi --------- 82944   28/10/2001 09:06     C:\WINDOWS\Cafezinho.bmp --------- 17062   28/10/2001 09:06     C:\WINDOWS\Bolhas de sabão.bmp --------- 65978   28/10/2001 09:06     C:\WINDOWS\Renda azul 16.bmp --------- 1272   31/08/2000 08:00     C:\WINDOWS\SWREG.exe --------- 161792   31/08/2000 08:00     C:\WINDOWS\SWSC.exe --------- 136704   31/08/2000 08:00     C:\WINDOWS\sed.exe --------- 98816   31/08/2000 08:00     C:\WINDOWS\SWXCACLS.exe --------- 212480   31/08/2000 08:00     C:\WINDOWS\zip.exe --------- 68096   31/08/2000 08:00     C:\WINDOWS\grep.exe --------- 80412   18/04/1997 11:53     C:\WINDOWS\unin0416.exe --------- 298496 ---------------------------------------- C:\WINDOWS\System 13/04/2008 23:21    C:\WINDOWS\System\winspool.drv --------- 146944  04/08/2004 00:35    C:\WINDOWS\System\MMSYSTEM.DLL --------- 70080  28/10/2001 09:07    C:\WINDOWS\System\WFWNET.DRV --------- 13600  28/10/2001 09:07    C:\WINDOWS\System\VER.DLL --------- 9072  28/10/2001 09:07    C:\WINDOWS\System\VGA.DRV --------- 2176  28/10/2001 09:07    C:\WINDOWS\System\TIMER.DRV --------- 4096  28/10/2001 09:07    C:\WINDOWS\System\TAPI.DLL --------- 19200  28/10/2001 09:07    C:\WINDOWS\System\SYSTEM.DRV --------- 3360  28/10/2001 09:07    C:\WINDOWS\System\stdole.tlb --------- 5532  28/10/2001 09:07    C:\WINDOWS\System\SOUND.DRV --------- 1744  28/10/2001 09:07    C:\WINDOWS\System\setup.inf --------- 59167  28/10/2001 09:07    C:\WINDOWS\System\SHELL.DLL --------- 5120  28/10/2001 09:07    C:\WINDOWS\System\OLESVR.DLL --------- 24064  28/10/2001 09:07    C:\WINDOWS\System\OLECLI.DLL --------- 83456  28/10/2001 09:07    C:\WINDOWS\System\MSVIDEO.DLL --------- 127120  28/10/2001 09:07    C:\WINDOWS\System\MOUSE.DRV --------- 2032  28/10/2001 09:07    C:\WINDOWS\System\MMTASK.TSK --------- 1152  28/10/2001 09:06    C:\WINDOWS\System\MCIAVI.DRV --------- 73632  28/10/2001 09:06    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160  28/10/2001 09:06    C:\WINDOWS\System\MCISEQ.DRV --------- 25296  28/10/2001 09:06    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936  28/10/2001 09:06    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000  28/10/2001 09:06    C:\WINDOWS\System\COMMDLG.DLL --------- 33504  28/10/2001 09:06    C:\WINDOWS\System\AVICAP.DLL --------- 70144  28/10/2001 09:06    C:\WINDOWS\System\AVIFILE.DLL --------- 109536 ---------------------------------------- C:\WINDOWS\System32 10/12/2009 03:05     C:\WINDOWS\system32\dllcache --------- 0  10/12/2009 03:05     C:\WINDOWS\system32\drivers --------- 0  10/12/2009 03:00     C:\WINDOWS\system32\CatRoot2 --------- 0  09/12/2009 13:52     C:\WINDOWS\system32\NvApps.xml --------- 244806  08/12/2009 23:03     C:\WINDOWS\system32\config --------- 0  07/12/2009 10:51     C:\WINDOWS\system32\wpa.dbl --------- 2206  01/12/2009 12:06     C:\WINDOWS\system32\MRT.exe --------- 25966024  19/11/2009 21:58     C:\WINDOWS\system32\Mdtc.exe --------- 45056  19/11/2009 21:58     C:\WINDOWS\system32\zlib.dll --------- 53760  19/11/2009 21:58     C:\WINDOWS\system32\MSNMessengerAPI.tlb --------- 24884  19/11/2009 21:58     C:\WINDOWS\system32\shdocwv.dll --------- 40960  19/11/2009 21:58     C:\WINDOWS\system32\msado20.tlb --------- 61440  09/11/2009 15:00     C:\WINDOWS\system32\ff_vfw.dll --------- 85504  09/11/2009 15:00     C:\WINDOWS\system32\pndx5016.dll --------- 6656  09/11/2009 15:00     C:\WINDOWS\system32\pndx5032.dll --------- 5632  09/11/2009 15:00     C:\WINDOWS\system32\rmoc3260.dll --------- 185920  09/11/2009 15:00     C:\WINDOWS\system32\pncrt.dll --------- 278528  03/11/2009 09:38     C:\WINDOWS\system32\perfc016.dat --------- 77558  03/11/2009 09:38     C:\WINDOWS\system32\perfh009.dat --------- 433942  03/11/2009 09:38     C:\WINDOWS\system32\perfc009.dat --------- 68922  03/11/2009 09:38     C:\WINDOWS\system32\perfh016.dat --------- 466718  03/11/2009 09:38     C:\WINDOWS\system32\PerfStringBackup.INI --------- 1061436  30/10/2009 14:27     C:\WINDOWS\system32\DirectX --------- 0  30/10/2009 14:26     C:\WINDOWS\system32\DRVSTORE --------- 0  30/10/2009 02:51     C:\WINDOWS\system32\mbr.ini --------- 249856  13/10/2009 07:34     C:\WINDOWS\system32\SET11E.tmp --------- 271360  24/09/2009 12:15     C:\WINDOWS\system32\FNTCACHE.DAT --------- 194568  23/09/2009 13:12     C:\WINDOWS\system32\jupdate-1.6.0_15-b03.log --------- 4465  11/09/2009 11:19     C:\WINDOWS\system32\SET2B.tmp --------- 136192  10/09/2009 12:46     C:\WINDOWS\system32\URTTEMP --------- 0  20/08/2009 10:27     C:\WINDOWS\system32\avgrsstx.dll --------- 11952  17/08/2009 03:04     C:\WINDOWS\system32\nvwddi.dll --------- 81920  17/08/2009 03:03     C:\WINDOWS\system32\nvwss.dll --------- 3170304  17/08/2009 03:03     C:\WINDOWS\system32\nvvitvs.dll --------- 4026368  17/08/2009 03:03     C:\WINDOWS\system32\nvmobls.dll --------- 1286144  17/08/2009 03:03     C:\WINDOWS\system32\nvmccss.dll --------- 188416  17/08/2009 03:03     C:\WINDOWS\system32\nvgames.dll --------- 3547136  17/08/2009 03:03     C:\WINDOWS\system32\nvdisps.dll --------- 4923392  17/08/2009 03:03     C:\WINDOWS\system32\nvmctray.dll --------- 86016  17/08/2009 03:03     C:\WINDOWS\system32\nvcpl.dll --------- 13877248  17/08/2009 03:03     C:\WINDOWS\system32\nvsvc32.exe --------- 168004  17/08/2009 03:03     C:\WINDOWS\system32\NvwsApps.xml --------- 66834  17/08/2009 03:02     C:\WINDOWS\system32\nvmccs.dll --------- 229376  17/08/2009 00:57     C:\WINDOWS\system32\nvcuvenc.dll --------- 1706528  17/08/2009 00:57     C:\WINDOWS\system32\nvdata.bin --------- 1597690  17/08/2009 00:57     C:\WINDOWS\system32\nvoglnt.dll --------- 10457088  17/08/2009 00:57     C:\WINDOWS\system32\nvcuda.dll --------- 2002944  17/08/2009 00:57     C:\WINDOWS\system32\nvapi.dll --------- 868352  17/08/2009 00:57     C:\WINDOWS\system32\nvdisp.nvu --------- 19495  17/08/2009 00:57     C:\WINDOWS\system32\nv4_disp.dll --------- 5845760  17/08/2009 00:57     C:\WINDOWS\system32\nvudisp.exe --------- 485920  17/08/2009 00:57     C:\WINDOWS\system32\nvcuvid.dll --------- 2189856  17/08/2009 00:57     C:\WINDOWS\system32\nvcodins.dll --------- 155648  17/08/2009 00:57     C:\WINDOWS\system32\nvcod.dll --------- 155648  16/08/2009 12:08     C:\WINDOWS\system32\unrar.dll --------- 178176  14/08/2009 13:36     C:\WINDOWS\system32\PhysXLoader.dll --------- 70936  14/08/2009 12:15     C:\WINDOWS\system32\win32k.sys --------- 1850752  13/08/2009 12:21     C:\WINDOWS\system32\jscript.dll --------- 512000  11/08/2009 12:35     C:\WINDOWS\system32\NVUNINST.EXE --------- 485920  06/08/2009 19:24     C:\WINDOWS\system32\wuapi.dll.mui --------- 15584  06/08/2009 19:24     C:\WINDOWS\system32\wuweb.dll --------- 209632  06/08/2009 19:24     C:\WINDOWS\system32\wucltui.dll --------- 327896  06/08/2009 19:24     C:\WINDOWS\system32\wuaucpl.cpl --------- 217816  06/08/2009 19:24     C:\WINDOWS\system32\wups.dll --------- 35552  06/08/2009 19:24     C:\WINDOWS\system32\wups2.dll --------- 44768  06/08/2009 19:24     C:\WINDOWS\system32\wuaueng.dll.mui --------- 18144  06/08/2009 19:24     C:\WINDOWS\system32\wuauclt.exe --------- 53472  06/08/2009 19:24     C:\WINDOWS\system32\wuaucpl.cpl.mui --------- 15584  06/08/2009 19:24     C:\WINDOWS\system32\cdm.dll --------- 96480  06/08/2009 19:23     C:\WINDOWS\system32\wucltui.dll.mui --------- 23256  06/08/2009 19:23     C:\WINDOWS\system32\wuapi.dll --------- 575704  06/08/2009 19:23     C:\WINDOWS\system32\mucltui.dll.mui --------- 17264  06/08/2009 19:23     C:\WINDOWS\system32\wuaueng.dll --------- 1929952  06/08/2009 19:23     C:\WINDOWS\system32\muweb.dll --------- 215920  06/08/2009 19:23     C:\WINDOWS\system32\mucltui.dll --------- 274288  05/08/2009 06:00     C:\WINDOWS\system32\mswebdvd.dll --------- 205312  04/08/2009 14:27     C:\WINDOWS\system32\ntoskrnl.exe --------- 2149376  04/08/2009 14:27     C:\WINDOWS\system32\ntkrnlpa.exe --------- 2028032  03/08/2009 00:21     C:\WINDOWS\system32\PhysXDevice.dll --------- 23320  31/07/2009 10:03     C:\WINDOWS\system32\msxml6.dll --------- 1372672  31/07/2009 01:33     C:\WINDOWS\system32\SET167.tmp --------- 1172480  26/07/2009 16:44     C:\WINDOWS\system32\sirenacm.dll --------- 48448  25/07/2009 05:23     C:\WINDOWS\system32\javaws.exe --------- 149280  25/07/2009 05:23     C:\WINDOWS\system32\javaw.exe --------- 145184  25/07/2009 05:23     C:\WINDOWS\system32\java.exe --------- 145184  25/07/2009 05:23     C:\WINDOWS\system32\deploytk.dll --------- 411368  25/07/2009 03:00     C:\WINDOWS\system32\javacpl.cpl --------- 73728  23/07/2009 17:07     C:\WINDOWS\system32\CatRoot --------- 0  21/07/2009 00:05     C:\WINDOWS\system32\msxml4.dll --------- 1348432  18/07/2009 03:57     C:\WINDOWS\system32\mui --------- 0  18/07/2009 03:57     C:\WINDOWS\system32\XPSViewer --------- 0  18/07/2009 03:57     C:\WINDOWS\system32\pt-br --------- 0  18/07/2009 03:54     C:\WINDOWS\system32\en-us --------- 0  18/07/2009 03:53     C:\WINDOWS\system32\spool --------- 0  18/07/2009 03:51     C:\WINDOWS\system32\xlive --------- 0  16/07/2009 10:02     C:\WINDOWS\system32\pool.bin --------- 256  13/07/2009 21:15     C:\WINDOWS\system32\dpl100.dll --------- 90112  13/07/2009 21:15     C:\WINDOWS\system32\divx.dll --------- 685056  12/07/2009 12:21     C:\WINDOWS\system32\wmp.dll --------- 4874240  12/07/2009 12:21     C:\WINDOWS\system32\wmpdxm.dll --------- 233472 ---------------------------------------- C:\WINDOWS\Prefetch 10/12/2009 03:05     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 11846  10/12/2009 03:05     C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf --------- 11764  10/12/2009 03:04     C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-39AFFB8A.pf --------- 7036  10/12/2009 03:04     C:\WINDOWS\Prefetch\FIREFOX.EXE-1362643C.pf --------- 97210  10/12/2009 03:04     C:\WINDOWS\Prefetch\WINRAR.EXE-09D6614C.pf --------- 33046  10/12/2009 03:03     C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 60952  10/12/2009 03:02     C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-198D7F30.pf --------- 29600  10/12/2009 03:01     C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 13506  10/12/2009 03:01     C:\WINDOWS\Prefetch\GOOGLETALKPLUGIN.EXE-107D5DED.pf --------- 26376  10/12/2009 03:00     C:\WINDOWS\Prefetch\UPDATE.EXE-02F26B9D.pf --------- 80184  10/12/2009 03:00     C:\WINDOWS\Prefetch\UPDATE.EXE-287597A1.pf --------- 78706  10/12/2009 03:00     C:\WINDOWS\Prefetch\UPDATE.EXE-075A1A28.pf --------- 79766  10/12/2009 03:00     C:\WINDOWS\Prefetch\UPDATE.EXE-294DFAD0.pf --------- 79074  10/12/2009 03:00     C:\WINDOWS\Prefetch\UPDATE.EXE-01A19168.pf --------- 64288  10/12/2009 03:00     C:\WINDOWS\Prefetch\HELPER.EXE-3A31BCA1.pf --------- 52428  10/12/2009 02:59     C:\WINDOWS\Prefetch\AVGUI.EXE-18AFB087.pf --------- 62618  10/12/2009 02:59     C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf --------- 18052  10/12/2009 02:59     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf --------- 35150  10/12/2009 02:58     C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf --------- 53506  10/12/2009 02:58     C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 18556  10/12/2009 02:58     C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 75582  10/12/2009 02:58     C:\WINDOWS\Prefetch\NIRCMD.EXE-2C39EF53.pf --------- 9118  10/12/2009 02:58     C:\WINDOWS\Prefetch\PEV.CFXXE-02C8A4D3.pf --------- 8464  10/12/2009 02:58     C:\WINDOWS\Prefetch\HANDLE.CFXXE-3A21626E.pf --------- 8394  10/12/2009 02:58     C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf --------- 14416  10/12/2009 02:58     C:\WINDOWS\Prefetch\SWXCACLS.CFXXE-0F8095D7.pf --------- 8002  10/12/2009 02:58     C:\WINDOWS\Prefetch\SWREG.CFXXE-17391962.pf --------- 8844  10/12/2009 02:58     C:\WINDOWS\Prefetch\GREP.CFXXE-350016A4.pf --------- 4054  10/12/2009 02:58     C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf --------- 5650  10/12/2009 02:58     C:\WINDOWS\Prefetch\NIRCMD.CFXXE-05436116.pf --------- 10946  10/12/2009 02:58     C:\WINDOWS\Prefetch\SED.CFXXE-3B4964C3.pf --------- 4344  10/12/2009 02:58     C:\WINDOWS\Prefetch\MTEE.CFXXE-32C26232.pf --------- 4524  10/12/2009 02:58     C:\WINDOWS\Prefetch\PEV.EXE-0CE2BF4A.pf --------- 54152  10/12/2009 02:58     C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf --------- 8434  10/12/2009 02:58     C:\WINDOWS\Prefetch\NIRCMDC.CFXXE-101D6E86.pf --------- 8704  10/12/2009 02:58     C:\WINDOWS\Prefetch\PV.CFXXE-232B0D6C.pf --------- 17986  10/12/2009 02:58     C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 14684  10/12/2009 02:49     C:\WINDOWS\Prefetch\CF19997.CFXXE-2720D632.pf --------- 8152  10/12/2009 02:48     C:\WINDOWS\Prefetch\NIRCMD.CFXXE-351E2F5E.pf --------- 9236  10/12/2009 02:48     C:\WINDOWS\Prefetch\CMD.CFXXE-12A6B182.pf --------- 12190  10/12/2009 02:48     C:\WINDOWS\Prefetch\SWSC.CFXXE-2693FE93.pf --------- 6982  10/12/2009 02:48     C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf --------- 10664  10/12/2009 02:48     C:\WINDOWS\Prefetch\HIDEC.EXE-3B166DB3.pf --------- 4572  10/12/2009 02:48     C:\WINDOWS\Prefetch\PEV.CFXXE-3B65BD28.pf --------- 47760  10/12/2009 02:48     C:\WINDOWS\Prefetch\PV.CFXXE-38A0900B.pf --------- 24160  10/12/2009 02:48     C:\WINDOWS\Prefetch\CSCRIPT.CFXXE-2F5062B6.pf --------- 23514  10/12/2009 02:48     C:\WINDOWS\Prefetch\ATTRIB.CFXXE-18D70E5B.pf --------- 4968  10/12/2009 02:48     C:\WINDOWS\Prefetch\SWXCACLS.CFXXE-1ECB3953.pf --------- 8896  10/12/2009 02:48     C:\WINDOWS\Prefetch\SED.CFXXE-384BB311.pf --------- 4484  10/12/2009 02:48     C:\WINDOWS\Prefetch\NIRCMDC.CFXXE-1A395113.pf --------- 9848  10/12/2009 02:48     C:\WINDOWS\Prefetch\N.PIF-1B75D06C.pf --------- 9048  10/12/2009 02:48     C:\WINDOWS\Prefetch\GREP.CFXXE-005CE245.pf --------- 3704  10/12/2009 02:48     C:\WINDOWS\Prefetch\SWREG.CFXXE-16776A8B.pf --------- 8748  10/12/2009 02:48     C:\WINDOWS\Prefetch\PEV.EXE-2937A365.pf --------- 8782  10/12/2009 02:48     C:\WINDOWS\Prefetch\SWREG.EXE-0937BD77.pf --------- 9690  10/12/2009 02:48     C:\WINDOWS\Prefetch\COMBOFIX.EXE-0CABF8E4.pf --------- 67436  10/12/2009 02:48     C:\WINDOWS\Prefetch\GSAR.CFXXE-064C1B3A.pf --------- 4838  10/12/2009 02:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1EE676D0.pf --------- 16690  10/12/2009 02:48     C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf --------- 12206  10/12/2009 02:48     C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf --------- 17012  10/12/2009 02:48     C:\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf --------- 8340  10/12/2009 02:48     C:\WINDOWS\Prefetch\IEXPLORE.EXE-12915967.pf --------- 9346  10/12/2009 02:40     C:\WINDOWS\Prefetch\STEAM.EXE-00A6FB77.pf --------- 15236  10/12/2009 02:39     C:\WINDOWS\Prefetch\AVGCMGR.EXE-144224E3.pf --------- 20204  10/12/2009 02:37     C:\WINDOWS\Prefetch\WLCOMM.EXE-0889FC35.pf --------- 22002  10/12/2009 02:37     C:\WINDOWS\Prefetch\MSNMSGR.EXE-304664B4.pf --------- 28126  10/12/2009 02:33     C:\WINDOWS\Prefetch\NOSTALE_UK_20090721.TMP-14B998E8.pf --------- 13852  10/12/2009 02:33     C:\WINDOWS\Prefetch\NOSTALE_UK_20090721.EXE-0BEC310E.pf --------- 15284  10/12/2009 02:29     C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf --------- 64952  10/12/2009 00:43     C:\WINDOWS\Prefetch\Layout.ini --------- 424428  09/12/2009 23:54     C:\WINDOWS\Prefetch\AVGCSRVX.EXE-37924D46.pf --------- 71818  09/12/2009 23:06     C:\WINDOWS\Prefetch\AVGNSX.EXE-20E94814.pf --------- 17654  09/12/2009 23:06     C:\WINDOWS\Prefetch\FIXCFG.EXE-292CBDE3.pf --------- 20446  09/12/2009 23:06     C:\WINDOWS\Prefetch\AVGUPD.EXE-21BABB7D.pf --------- 36074  09/12/2009 23:02     C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 74564  09/12/2009 22:26     C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf --------- 51922  09/12/2009 21:58     C:\WINDOWS\Prefetch\NOSTALE_UK_20090721.TMP-07E562F4.pf --------- 13130  09/12/2009 21:25     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf --------- 26686  09/12/2009 21:25     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf --------- 25684  09/12/2009 21:02     C:\WINDOWS\Prefetch\BIOSHOCK.EXE-1DF13E1D.pf --------- 50836  09/12/2009 20:57     C:\WINDOWS\Prefetch\HPRBUPDATE.EXE-26BA998A.pf --------- 26492  09/12/2009 18:59     C:\WINDOWS\Prefetch\PICASAPHOTOVIEWER.EXE-17C65278.pf --------- 45978  09/12/2009 18:41     C:\WINDOWS\Prefetch\FLASH.EXE-1D775368.pf --------- 29754  09/12/2009 18:41     C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf --------- 25708  09/12/2009 18:23     C:\WINDOWS\Prefetch\DOWNLOADER_NOSTALE_UK.TMP-24F6B0CD.pf --------- 29054  09/12/2009 18:23     C:\WINDOWS\Prefetch\DOWNLOADER_NOSTALE_UK.EXE-1CD612F9.pf --------- 13382  09/12/2009 17:58     C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 13786  09/12/2009 17:57     C:\WINDOWS\Prefetch\UPDATE.EXE-03792A0D.pf --------- 84244  09/12/2009 17:57     C:\WINDOWS\Prefetch\UPDATE.EXE-139FF174.pf --------- 87390  09/12/2009 17:57     C:\WINDOWS\Prefetch\UPDATE.EXE-036E0096.pf --------- 83296  09/12/2009 17:57     C:\WINDOWS\Prefetch\UPDATE.EXE-120D9768.pf --------- 81782  09/12/2009 17:57     C:\WINDOWS\Prefetch\UPDATE.EXE-04F6B9C0.pf --------- 84638  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-13031427.pf --------- 83842  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-3092BBF1.pf --------- 82700  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-3B75AEB2.pf --------- 79404  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-0FE507C9.pf --------- 79412  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-188E203A.pf --------- 79846  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-029D0474.pf --------- 84610  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-23CE706E.pf --------- 80552  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-223246F9.pf --------- 84688  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-29C6E0CF.pf --------- 82474  09/12/2009 17:56     C:\WINDOWS\Prefetch\UPDATE.EXE-3B2E1E09.pf --------- 86340  09/12/2009 17:55     C:\WINDOWS\Prefetch\UPDATE.EXE-01471E97.pf --------- 80732  09/12/2009 17:55     C:\WINDOWS\Prefetch\UPDATE.EXE-1E6F2180.pf --------- 81724  09/12/2009 17:53     C:\WINDOWS\Prefetch\UPDATE.EXE-06A5794A.pf --------- 80920  09/12/2009 17:53     C:\WINDOWS\Prefetch\UPDATE.EXE-363DDF14.pf --------- 82492  09/12/2009 17:53     C:\WINDOWS\Prefetch\UPDATE.EXE-3B4D9F2A.pf --------- 81090  09/12/2009 17:53     C:\WINDOWS\Prefetch\UPDATE.EXE-0697E344.pf --------- 81840  09/12/2009 17:53     C:\WINDOWS\Prefetch\UPDATE.EXE-39942346.pf --------- 83520  09/12/2009 17:53     C:\WINDOWS\Prefetch\UPDATE.EXE-31BC157F.pf --------- 81290  09/12/2009 17:52     C:\WINDOWS\Prefetch\UPDATE.EXE-1A45F97A.pf --------- 86176  09/12/2009 17:52     C:\WINDOWS\Prefetch\UPDATE.EXE-04A7373B.pf --------- 85524  09/12/2009 17:34     C:\WINDOWS\Prefetch\UPDATE.EXE-192CB974.pf --------- 82168  09/12/2009 17:19     C:\WINDOWS\Prefetch\UPDATE.EXE-374E40A8.pf --------- 78804  09/12/2009 17:19     C:\WINDOWS\Prefetch\UPDATE.EXE-297E56D9.pf --------- 76900  09/12/2009 17:19     C:\WINDOWS\Prefetch\UPDATE.EXE-2A98DD6D.pf --------- 77674  09/12/2009 17:19     C:\WINDOWS\Prefetch\UPDATE.EXE-0142788A.pf --------- 76738  09/12/2009 13:53     C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf --------- 13426  09/12/2009 13:53     C:\WINDOWS\Prefetch\HPQGPC01.EXE-35F7712D.pf --------- 34086  09/12/2009 13:53     C:\WINDOWS\Prefetch\HPQBAM08.EXE-0CE058EF.pf --------- 15750  09/12/2009 13:53     C:\WINDOWS\Prefetch\HPQSTE08.EXE-130D683B.pf --------- 35030  09/12/2009 13:53     C:\WINDOWS\Prefetch\HPRBLOG.EXE-0FC9EFAA.pf --------- 28662  09/12/2009 13:52     C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3ADF8F7D.pf --------- 14124  09/12/2009 13:52     C:\WINDOWS\Prefetch\OSA.EXE-04147CEC.pf --------- 18884  09/12/2009 13:52     C:\WINDOWS\Prefetch\NMINDEXSTORESVR.EXE-2B439C8B.pf --------- 94714  09/12/2009 13:52     C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1175888  08/12/2009 23:14     C:\WINDOWS\Prefetch\WMPLAYER.EXE-0366FBE9.pf --------- 61216  08/12/2009 23:06     C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 97858  07/12/2009 14:09     C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 133658  07/12/2009 14:09     C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 47592 ---------------------------------------- C:\WINDOWS\Tasks 10/12/2009 03:02     C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1644491937-1801674531-1003UA.job --------- 1136  10/12/2009 02:58     C:\WINDOWS\Tasks\SA.DAT --------- 6  08/12/2009 09:02     C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1644491937-1801674531-1003Core.job --------- 1084  05/12/2009 12:17     C:\WINDOWS\Tasks\AppleSoftwareUpdate.job --------- 300  28/10/2001 09:07     C:\WINDOWS\Tasks\desktop.ini --------- 65 ---------------------------------------- C:\WINDOWS\Temp 10/12/2009 03:05     C:\WINDOWS\Temp\HPZIDS000.log --------- 115  10/12/2009 03:05     C:\WINDOWS\Temp\update000.log --------- 613  10/12/2009 03:05     C:\WINDOWS\Temp\netfxupdate.log --------- 6659  10/12/2009 03:04     C:\WINDOWS\Temp\SilverlightMSI.log --------- 472406  10/12/2009 03:04     C:\WINDOWS\Temp\Silverlight0.log --------- 1918  10/12/2009 03:04     C:\WINDOWS\Temp\Perflib_Perfdata_c10.dat --------- 16384  10/12/2009 03:03     C:\WINDOWS\Temp\NDP1.1sp1-KB953297-X86 --------- 0  10/12/2009 03:03     C:\WINDOWS\Temp\dd_ATL90SP1_KB973924UI7298.txt --------- 26598  10/12/2009 03:03     C:\WINDOWS\Temp\dd_ATL90SP1_KB973924MSI7298.txt --------- 235678  10/12/2009 03:01     C:\WINDOWS\Temp\dd_ATL80SP1_KB973923UI7073.txt --------- 21330  10/12/2009 03:01     C:\WINDOWS\Temp\dd_ATL80SP1_KB973923MSI7073.txt --------- 798550  10/12/2009 02:58     C:\WINDOWS\Temp\hpqddsvc.log --------- 383  10/12/2009 02:50     C:\WINDOWS\Temp\Perflib_Perfdata_7e8.dat --------- 16384 ---------------------------------------- C:\DOCUME~1\adm\CONFIG~1\Temp---------------------------------------- C:\Arquivos de programas---------------------------------------- C:\Documents and Settings\All Users\.. Default User    adm    LocalService    NetworkService    All Users    ---------------------------------------- C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1       localhost---------------------------------------- Nome da imagem            Identi Nome da sessÆo    SessÆo# Uso de mem¢r========================= ====== ================ ======== ============System Idle Process            0 Console                 0         28 KSystem                         4 Console                 0     84.492 Ksmss.exe                     656 Console                 0        400 Kcsrss.exe                    704 Console                 0      4.384 Kwinlogon.exe                 728 Console                 0      4.080 Kservices.exe                 772 Console                 0      3.372 Klsass.exe                    784 Console                 0      5.980 Knvsvc32.exe                  960 Console                 0      4.628 Ksvchost.exe                  992 Console                 0      4.720 Ksvchost.exe                 1060 Console                 0      4.320 Ksvchost.exe                 1156 Console                 0     33.420 Ksvchost.exe                 1276 Console                 0      3.532 Ksvchost.exe                 1356 Console                 0      4.236 Kspoolsv.exe                 1504 Console                 0      5.572 KAppleMobileDeviceService.   1688 Console                 0      2.500 Kavgwdsvc.exe                1700 Console                 0      2.536 KmDNSResponder.exe           1876 Console                 0      3.508 Ksvchost.exe                 1964 Console                 0      5.604 Kjqs.exe                     2024 Console                 0      1.388 Kavgrsx.exe                   372 Console                 0     32.304 Kavgnsx.exe                   380 Console                 0        360 Kmdm.exe                      556 Console                 0      2.916 KPnkBstrA.exe                 416 Console                 0      2.384 KPnkBstrB.exe                1188 Console                 0      2.600 Ksvchost.exe                 1936 Console                 0      4.688 Kwdfmgr.exe                  1992 Console                 0      1.688 Kwinvnc4.exe                  176 Console                 0      3.372 Kavgemc.exe                   244 Console                 0        996 Kavgcsrvx.exe                1448 Console                 0      9.248 Kalg.exe                     3584 Console                 0      3.456 Kexplorer.exe                1604 Console                 0     22.688 Kwuauclt.exe                  828 Console                 0     13.420 Kwuauclt.exe                 3312 Console                 0      8.108 Kmsiexec.exe                 3088 Console                 0     14.116 Kcmd.exe                     2736 Console                 0      1.976 Kupdate.exe                  3828 Console                 0     20.988 Ktasklist.exe                3956 Console                 0      4.260 Kwmiprvse.exe                1732 Console                 0      5.620 K ***** Ende des Scans qui 10/12/2009 um  3:05:53,95 ***    

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seu tópico está voltando a travar. Encerrarei seu caso via MP.

 

1.

*Envie o arquivo abaixo para análise em http://virscan.org

 

c:\windows\system32\Mdtc.exe

Cole o link contendo o resultado.

 

2.

*Clique em [iniciar] > [Executar] > digite: combofix /uninstall

*Clique [OK]

 

92674490.jpg

 

*Clique em [Executar]

*Surgirá a mensagem: "ComboFix está desinstalado"

 

CF4.jpg

 

*Clique [OK]

*Delete o arquivo C:\combofix.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.