astronautalouco

[Resolved] Trojan removal

Good evening, iMasters team,

 

My antivirus keeps alerting me about a trojan that I can't remove. Name: Generic 19.LZU, in c:\WINDOWS\system32\dlodf.dll.

 

Thanks in advance.

 

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:36:38, on 13/9/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

c:\firebird\bin\fbguard.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\SYSTEM\HpServ.exe

C:\Arquivos de programas\C&E\OSD\osd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

c:\firebird\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\AVG\AVG9\avgscanx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\hijack\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.160

R3 - URLSearchHook: Thoosje Toolbar - {3ba34663-845a-4931-a6f3-1e033ec342a7} - C:\Arquivos de programas\Thoosje\tbThoo.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Thoosje Toolbar - {3ba34663-845a-4931-a6f3-1e033ec342a7} - C:\Arquivos de programas\Thoosje\tbThoo.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: (no name) - {DF073803-6E52-459A-8EBD-CBBE7960C6C4} - c:\windows\system32\dlodf.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Thoosje Toolbar - {3ba34663-845a-4931-a6f3-1e033ec342a7} - C:\Arquivos de programas\Thoosje\tbThoo.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [OSD] C:\Arquivos de programas\C&E\OSD\osd.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\Vista Drive Icon\DrvIcon.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [grcnxto] C:\WINDOWS\system32\uva81xsty8.exe

O4 - HKCU\..\Run: [abgchdy] C:\WINDOWS\system32\o1f703m0nd.exe

O4 - HKCU\..\Run: [abrhi3y] C:\WINDOWS\system32\86m81yj.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - c:\firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - c:\firebird\bin\fbserver.exe

O23 - Service: Gerenciador do Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: HP S&P Authorization Service (srvcHP2) - SQUADRA Tecnologia - C:\WINDOWS\SYSTEM\HpServ.exe

 

--

End of file - 9103 bytes

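Added example, not part of the original post and not HijackThis code: a small Python script that does the first pass a helper does by eye on the log above. It flags the three things that stand out in this log: a system.ini Shell= value that is anything other than explorer.exe (here "Explorer.exe csrcs.exe"), a BHO registered with no name, HKCU Run entries that point at randomly named executables inside system32 (uva81xsty8.exe, o1f703m0nd.exe, 86m81yj.exe), and anything under Policies\Explorer\Run, which legitimate software almost never uses. The sample lines are a constructed excerpt of the log; the random-name test is a heuristic, not a verdict, which is why it is limited to system32 so that vendor files like sm56hlpr.exe in their own directory are left alone.

```python
"""Heuristic first pass over a HijackThis log. Added example for this thread,
not part of HijackThis; SAMPLE_LOG is a constructed excerpt of the log above."""
from __future__ import annotations
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {DF073803-6E52-459A-8EBD-CBBE7960C6C4} - c:\windows\system32\dlodf.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [grcnxto] C:\WINDOWS\system32\uva81xsty8.exe
O4 - HKCU\..\Run: [abgchdy] C:\WINDOWS\system32\o1f703m0nd.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
RUN_RE = re.compile(r"^O4 - ([^:]+): \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'"?([^"]+?\.exe)"?', re.IGNORECASE)  # first .exe token of a command


@dataclass
class Finding:
    rule: str
    line: str


def looks_random(stem: str) -> bool:
    """Crude 'random file name' test: letters and digits interleaved (uva81xsty8,
    o1f703m0nd). Names that merely end in a version number (msvcp71) are excused."""
    has_alpha = re.search(r"[A-Za-z]", stem) is not None
    has_digit = re.search(r"\d", stem) is not None
    versioned = re.fullmatch(r"[A-Za-z]+\d{1,2}", stem) is not None
    return has_alpha and has_digit and not versioned


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SHELL_RE.match(line)
        if m:
            # The Winlogon shell must be exactly explorer.exe; extra tokens are a hijack.
            if m.group(1).strip().lower() != "explorer.exe":
                findings.append(Finding("shell-hijack", line))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group(1) == "(no name)":
                findings.append(Finding("unnamed-bho", line))
            continue
        m = RUN_RE.match(line)
        if m:
            key, _name, cmd = m.groups()
            if "Policies\\Explorer\\Run" in key:
                findings.append(Finding("policies-run", line))
                continue
            exe = EXE_RE.match(cmd)
            if exe:
                path = exe.group(1).lower()
                stem = path.rsplit("\\", 1)[-1][:-4]
                # Only random names dropped straight into system32 are flagged.
                if "\\windows\\system32\\" in path and looks_random(stem):
                    findings.append(Finding("random-name-autorun", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.line}")
```

Run it as-is to see the five hits from the sample; point it at a saved log by replacing SAMPLE_LOG with the file contents. The rules are deliberately conservative: an unknown O4 entry in Program Files is not reported, so the output narrows the list rather than replacing a read-through of the log.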

Good evening....

 

 

*Download Malwarebytes Anti-Malware and save it to the desktop

 

*Install the program and wait for it to update

*The program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*Paste the report that is shown


Here it is, as instructed...

 

Note: a message appeared saying that not all items could be removed.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4607

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

13/9/2010 12:46:42

mbam-log-2010-09-13 (12-46-42).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 176207

Time elapsed: 34 minute(s), 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 2

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-4711532196-5083582120-424796509-3443\yv8g67.exe,C:\Documents and Settings\Jones\Dados de aplicativos\vgdoqo.exe,C:\RECYCLER\S-1-5-21-6415712704-0534000404-847326723-9235\nissan.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0336135900-8476058762-401952557-1737\winsystem.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Documents and Settings\Jones\Configurações locais\Temp\77240.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones\Configurações locais\Temporary Internet Files\Content.IE5\6XK3C5OP\3[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.


*Temporarily disable your antivirus

 

Click [Start] > [Programs] > [AVG]

Open the AVG user interface

Double-click Resident Shield

Uncheck the "Resident Shield active" option

Save the changes

*Download ComboFix and save it to the desktop

 

*Run ComboFix and accept the license agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue automatically. Otherwise, click [Yes] to install it and then [Yes] to continue.

 

recovery-console-prompt.jpg

 

recovery-console-installed.jpg

 

*Wait for all the stages to complete

 

etapas.jpg

 

*Avoid using the mouse and keyboard while ComboFix is running!!..... To interrupt the procedure press [N] or [2] and then [ENTER]

 

*When it finishes, the report C:\combofix.txt will be displayed.

*Paste it in your next reply.

 

*If the PC is restarted there will be an option at startup called Recovery Console. Do not enter Windows through it unless you have been properly instructed to!


Here is the ComboFix log:

 

ComboFix 10-09-13.01 - Jones 13/09/2010 20:51:55.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1444 [GMT -3:00]

Running from: c:\documents and settings\Jones\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Jones\Recent\Thumbs.db

c:\windows\desktop

c:\windows\desktop\Backup Lundi.lnk

c:\windows\Fonts\barras2.ttf

c:\windows\system32\AutoRun.inf

 

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 ))))))))))))))))))))))))))))

.

 

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\documents and settings\Jones\Dados de aplicativos\Malwarebytes

2010-09-13 15:07 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-09-13 15:07 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-13 03:35 . 2010-09-13 03:36 -------- d-----w- C:\hijack

2010-09-10 19:28 . 2010-09-10 19:28 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-09-10 04:25 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Real

2010-09-10 04:25 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-09-06 15:37 . 2010-06-30 17:22 2102600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll

2010-09-06 14:36 . 2010-09-06 14:36 -------- d-----w- C:\$AVG

2010-09-06 14:36 . 2010-09-06 14:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-06 14:36 . 2010-09-06 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-06 14:35 . 2010-09-06 14:35 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-06 14:35 . 2010-09-06 14:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-09-06 14:35 . 2010-09-13 23:09 -------- d-----w- c:\windows\system32\drivers\Avg

2010-09-06 14:35 . 2010-09-06 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar

2010-09-06 14:35 . 2010-09-13 23:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-09-06 14:35 . 2010-09-06 14:35 -------- d-----w- c:\arquivos de programas\AVG

2010-09-04 21:06 . 2010-09-04 21:06 0 ----a-w- c:\windows\nsreg.dat

2010-08-30 14:19 . 2010-08-30 14:35 -------- d-----w- C:\MAUA_O_IMPERADOR_E_O_REI

2010-08-26 15:21 . 2010-08-26 15:35 -------- d-----w- C:\ALINE_BARROS

2010-08-26 14:46 . 2010-08-26 15:16 -------- d-----w- C:\MEN_OF_HONOR

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-09-10 04:26 . 2010-09-10 04:26 49152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-09-10 04:26 . 2010-09-10 04:26 40960 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-09-10 04:26 . 2010-09-10 04:26 308808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-09-10 04:26 . 2010-09-10 04:26 14848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-09-10 04:26 . 2010-09-10 04:26 341600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-09-10 04:26 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-09-10 04:25 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-09-09 18:55 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-09-09 18:55 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-09-09 18:54 . 2009-09-09 13:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel

2010-09-08 16:20 . 2001-10-28 15:07 50002 ----a-w- c:\windows\system32\perfc016.dat

2010-09-08 16:20 . 2001-10-28 15:07 347886 ----a-w- c:\windows\system32\perfh016.dat

2010-09-06 20:39 . 2010-09-06 20:39 0 ----a-w- c:\windows\system32\dloDF.tmp

2010-09-04 20:42 . 2010-02-07 17:53 -------- d-----w- c:\arquivos de programas\Google

2010-08-30 13:54 . 2010-03-08 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-08-25 03:02 . 2010-01-22 20:37 -------- d-----w- c:\arquivos de programas\Oi Velox

2010-08-24 13:23 . 2010-02-05 12:53 -------- d-----w- c:\arquivos de programas\HP

2010-08-24 13:20 . 2010-02-05 12:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-08-12 21:04 . 2009-11-20 00:23 -------- d-----w- c:\documents and settings\Jones\Dados de aplicativos\Free Audio Editor

2010-08-12 20:51 . 2009-11-20 00:22 -------- d-----w- c:\arquivos de programas\Free Audio Editor

2010-08-10 19:05 . 2010-06-02 18:59 -------- d-----w- c:\arquivos de programas\Bible

2010-09-04 19:32 . 2010-09-06 13:55 119808 ----a-w- c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

2009-11-09 21:38 2331672 ------w- c:\arquivos de programas\Thoosje\tbThoo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-06-30 17:22 2102600 ----a-w- c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

"{3BA34663-845A-4931-A6F3-1E033EC342A7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"OSD"="c:\arquivos de programas\C&E\OSD\osd.exe" [2007-08-28 671801]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-07-24 77824]

"Google Desktop Search"="c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-09-10 202256]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-06 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7559:TCP"= 7559:TCP:xmdncaya

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/9/2010 11:35 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/9/2010 11:36 243024]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [6/9/2010 11:35 308136]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]

S2 dfsltrdv; de filtro de tráfego IPMonitor;c:\windows\System32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S2 obytvl;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/9/2010 11:35 431432]

S3 GoogleDesktopManager-051210-111108;Gerenciador do Google Desktop 5.9.1005.12335;c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [7/2/2010 14:53 30192]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

dfsltrdv

obytvl

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2010-09-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

 

2010-09-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{DF073803-6E52-459A-8EBD-CBBE7960C6C4} - c:\windows\system32\dlodf.dll

HKCU-Run-grcnxto - c:\windows\system32\uva81xsty8.exe

HKCU-Run-abgchdy - c:\windows\system32\o1f703m0nd.exe

HKCU-Run-abrhi3y - c:\windows\system32\86m81yj.exe

HKLM-Run-DrvIcon - c:\arquivos de programas\Vista Drive Icon\DrvIcon.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-13 20:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\obytvl]

"ServiceDll"="c:\windows\system32\pombaii.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\firebird\bin\fbguard.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\wdfmgr.exe

c:\firebird\bin\fbserver.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Completion time: 2010-09-13 21:01:36 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-14 00:01

 

Pré-execução: 29 pasta(s) 52.816.535.552 bytes disponíveis

Pós execução: 32 pasta(s) 53.472.706.560 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 7A90D29AE3C480A65FADF53F598AE1A5


*Open Notepad and paste the code below into it:

 

File::

c:\windows\system32\drivers\lxdyskdz.sys

c:\windows\system32\pombaii.dll

FileLook::

c:\windows\system32\dloDF.tmp

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7559:TCP"=-

NetSvc::

obytvl

dfsltrdv

Driver::

obytvl

dfsltrdv

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

CFScript.gif

 

*Important: while ComboFix is running, avoid using the mouse and the keyboard! To interrupt the process, press N or 2.

 

*Paste the report C:\combofix.txt


ComboFix 10-09-13.01 - Jones 17/09/2010 10:54:58.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1289 [GMT -3:00]

Executando de: c:\documents and settings\Jones\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Jones\Desktop\CFScript.tx.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\windows\system32\drivers\lxdyskdz.sys"

"c:\windows\system32\pombaii.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DFSLTRDV

-------\Legacy_OBYTVL

-------\Service_dfsltrdv

-------\Service_obytvl

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-17 to 2010-09-17 ))))))))))))))))))))))))))))

.

 

2010-09-17 02:16 . 2010-09-17 02:16 -------- d-----w- c:\windows\system32\KB905474

2010-09-16 12:34 . 2010-09-16 12:34 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2010-09-16 12:32 . 2010-09-16 12:32 -------- d-----w- c:\windows\ServicePackFiles

2010-09-16 02:43 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-09-16 02:43 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-09-16 02:42 . 2010-02-16 19:33 2185600 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-09-16 02:42 . 2010-02-16 19:33 2141184 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-09-16 02:42 . 2010-02-16 19:33 2062592 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-09-16 02:42 . 2010-02-16 19:32 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-09-16 02:24 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-09-16 01:57 . 2010-09-16 01:57 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-09-15 21:17 . 2010-09-17 02:15 -------- d--h--w- c:\windows\$hf_mig$

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\documents and settings\Jones\Dados de aplicativos\Malwarebytes

2010-09-13 15:07 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-09-13 15:07 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-13 03:35 . 2010-09-13 03:36 -------- d-----w- C:\hijack

2010-09-10 19:28 . 2010-09-10 19:28 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-09-10 04:25 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Real

2010-09-10 04:25 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-09-06 15:37 . 2010-06-30 17:22 2102600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll

2010-09-06 14:36 . 2010-09-06 14:36 -------- d-----w- C:\$AVG

2010-09-06 14:36 . 2010-09-06 14:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-06 14:36 . 2010-09-06 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-06 14:35 . 2010-09-06 14:35 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-06 14:35 . 2010-09-06 14:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-09-06 14:35 . 2010-09-17 13:49 -------- d-----w- c:\windows\system32\drivers\Avg

2010-09-06 14:35 . 2010-09-06 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar

2010-09-06 14:35 . 2010-09-13 23:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-09-06 14:35 . 2010-09-06 14:35 -------- d-----w- c:\arquivos de programas\AVG

2010-09-04 21:06 . 2010-09-04 21:06 0 ----a-w- c:\windows\nsreg.dat

2010-08-30 14:19 . 2010-08-30 14:35 -------- d-----w- C:\MAUA_O_IMPERADOR_E_O_REI

2010-08-26 15:21 . 2010-08-26 15:35 -------- d-----w- C:\ALINE_BARROS

2010-08-26 14:46 . 2010-08-26 15:16 -------- d-----w- C:\MEN_OF_HONOR

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-17 13:46 . 2001-10-28 15:07 50002 ----a-w- c:\windows\system32\perfc016.dat

2010-09-17 13:46 . 2001-10-28 15:07 347886 ----a-w- c:\windows\system32\perfh016.dat

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-09-10 04:26 . 2010-09-10 04:26 49152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-09-10 04:26 . 2010-09-10 04:26 40960 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-09-10 04:26 . 2010-09-10 04:26 308808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-09-10 04:26 . 2010-09-10 04:26 14848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-09-10 04:26 . 2010-09-10 04:26 341600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-09-10 04:26 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-09-10 04:25 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-09-09 18:55 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-09-09 18:55 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-09-09 18:54 . 2009-09-09 13:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel

2010-09-06 20:39 . 2010-09-06 20:39 0 ----a-w- c:\windows\system32\dloDF.tmp

2010-09-04 20:42 . 2010-02-07 17:53 -------- d-----w- c:\arquivos de programas\Google

2010-08-30 13:54 . 2010-03-08 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-08-25 03:02 . 2010-01-22 20:37 -------- d-----w- c:\arquivos de programas\Oi Velox

2010-08-24 13:23 . 2010-02-05 12:53 -------- d-----w- c:\arquivos de programas\HP

2010-08-24 13:20 . 2010-02-05 12:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-08-12 21:04 . 2009-11-20 00:23 -------- d-----w- c:\documents and settings\Jones\Dados de aplicativos\Free Audio Editor

2010-08-12 20:51 . 2009-11-20 00:22 -------- d-----w- c:\arquivos de programas\Free Audio Editor

2010-08-10 19:05 . 2010-06-02 18:59 -------- d-----w- c:\arquivos de programas\Bible

2010-09-04 19:32 . 2010-09-06 13:55 119808 ----a-w- c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

--- c:\windows\system32\dloDF.tmp ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File size: 0

Created time: 2010-09-06 20:39

Modified time: 2010-09-06 20:39

MD5: D41D8CD98F00B204E9800998ECF8427E

SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

 

 

((((((((((((((((((((((((((((( SnapShot@2010-09-13_23.59.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 03:45 . 2009-06-25 08:46 59392 c:\windows\system32\wdigest.dll

+ 2010-09-16 01:42 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

+ 2004-08-04 03:45 . 2009-06-15 11:33 81408 c:\windows\system32\tlntsess.exe

+ 2004-08-04 03:45 . 2009-06-15 11:33 77824 c:\windows\system32\telnet.exe

+ 2009-07-16 13:06 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe

+ 2010-09-15 21:17 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll

+ 2004-08-04 03:45 . 2009-06-25 08:46 56320 c:\windows\system32\secur32.dll

+ 2001-10-28 15:07 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe

- 2004-08-04 03:45 . 2004-08-04 03:45 69632 c:\windows\system32\raschap.dll

+ 2004-08-04 03:45 . 2009-10-12 13:52 69632 c:\windows\system32\raschap.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 39424 c:\windows\system32\pngfilt.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll

+ 2001-10-28 15:07 . 2010-09-17 13:46 41170 c:\windows\system32\perfc009.dat

- 2001-10-28 15:07 . 2010-09-08 16:20 41170 c:\windows\system32\perfc009.dat

+ 2009-07-15 16:24 . 2008-06-12 14:18 91648 c:\windows\system32\mtxoci.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 66560 c:\windows\system32\mtxclu.dll

+ 2004-08-04 03:45 . 2008-06-12 14:18 66560 c:\windows\system32\mtxclu.dll

+ 2004-08-04 00:45 . 2009-11-27 17:34 17920 c:\windows\system32\msyuv.dll

+ 2001-10-28 15:07 . 2009-11-27 16:40 28672 c:\windows\system32\msvidc32.dll

+ 2004-08-04 03:45 . 2009-11-27 16:40 11264 c:\windows\system32\msrle32.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 11264 c:\windows\system32\msrle32.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 15360 c:\windows\system32\msisip.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 78848 c:\windows\system32\msiexec.exe

- 2009-07-15 16:24 . 2004-08-04 03:45 58880 c:\windows\system32\msdtclog.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 58880 c:\windows\system32\msdtclog.dll

+ 2004-08-04 03:45 . 2008-06-24 16:24 74240 c:\windows\system32\mscms.dll

+ 2004-08-04 03:45 . 2009-09-04 20:46 58880 c:\windows\system32\msasn1.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 48640 c:\windows\system32\mqupgrd.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 95744 c:\windows\system32\mqsec.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 16896 c:\windows\system32\mqise.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 47104 c:\windows\system32\mqdscli.dll

+ 2004-08-04 03:45 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe

- 2004-08-04 03:45 . 2004-08-04 03:45 19968 c:\windows\system32\mqbkup.exe

- 2004-08-04 03:45 . 2005-01-28 04:21 96768 c:\windows\system32\logagent.exe

+ 2004-08-04 03:45 . 2008-06-10 08:52 96768 c:\windows\system32\logagent.exe

+ 2004-08-04 03:45 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll

+ 2004-08-04 00:45 . 2009-11-27 16:40 48128 c:\windows\system32\iyuv_32.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 96768 c:\windows\system32\inseng.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 96768 c:\windows\system32\inseng.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 81920 c:\windows\system32\ieencode.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 81920 c:\windows\system32\ieencode.dll

+ 2001-10-28 15:06 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 55808 c:\windows\system32\extmgr.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll

+ 2004-08-04 01:58 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys

+ 2004-08-04 01:59 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys

+ 2004-08-04 03:45 . 2009-06-25 08:46 59392 c:\windows\system32\dllcache\wdigest.dll

+ 2004-08-04 03:45 . 2009-06-15 11:33 81408 c:\windows\system32\dllcache\tlntsess.exe

+ 2004-08-04 03:45 . 2009-06-15 11:33 77824 c:\windows\system32\dllcache\telnet.exe

+ 2004-08-04 03:45 . 2009-06-25 08:46 56320 c:\windows\system32\dllcache\secur32.dll

+ 2001-10-28 15:07 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe

- 2004-08-04 03:45 . 2004-08-04 03:45 69632 c:\windows\system32\dllcache\raschap.dll

+ 2004-08-04 03:45 . 2009-10-12 13:52 69632 c:\windows\system32\dllcache\raschap.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 39424 c:\windows\system32\dllcache\pngfilt.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 91648 c:\windows\system32\dllcache\mtxoci.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 66560 c:\windows\system32\dllcache\mtxclu.dll

+ 2004-08-04 03:45 . 2008-06-12 14:18 66560 c:\windows\system32\dllcache\mtxclu.dll

+ 2009-11-27 17:34 . 2009-11-27 17:34 17920 c:\windows\system32\dllcache\msyuv.dll

+ 2001-10-28 15:07 . 2009-11-27 16:40 28672 c:\windows\system32\dllcache\msvidc32.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 11264 c:\windows\system32\dllcache\msrle32.dll

+ 2004-08-04 03:45 . 2009-11-27 16:40 11264 c:\windows\system32\dllcache\msrle32.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 15360 c:\windows\system32\dllcache\msisip.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 78848 c:\windows\system32\dllcache\msiexec.exe

- 2009-07-15 16:24 . 2004-08-04 03:45 58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2004-08-04 03:45 . 2008-06-24 16:24 74240 c:\windows\system32\dllcache\mscms.dll

+ 2004-08-04 03:45 . 2009-09-04 20:46 58880 c:\windows\system32\dllcache\msasn1.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 48640 c:\windows\system32\dllcache\mqupgrd.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 95744 c:\windows\system32\dllcache\mqsec.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 16896 c:\windows\system32\dllcache\mqise.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 47104 c:\windows\system32\dllcache\mqdscli.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 19968 c:\windows\system32\dllcache\mqbkup.exe

+ 2004-08-04 03:45 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe

+ 2004-08-04 01:58 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys

+ 2004-08-04 03:45 . 2008-06-10 08:52 96768 c:\windows\system32\dllcache\logagent.exe

- 2004-08-04 03:45 . 2005-01-28 04:21 96768 c:\windows\system32\dllcache\logagent.exe

+ 2004-08-04 01:59 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys

+ 2004-08-04 03:45 . 2010-04-16 15:36 16384 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-11-27 16:40 . 2009-11-27 16:40 48128 c:\windows\system32\dllcache\iyuv_32.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 96768 c:\windows\system32\dllcache\inseng.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 96768 c:\windows\system32\dllcache\inseng.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 81920 c:\windows\system32\dllcache\ieencode.dll

- 2009-07-15 16:26 . 2004-08-04 03:45 18432 c:\windows\system32\dllcache\iedw.exe

+ 2009-07-15 16:26 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe

+ 2001-10-28 15:06 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 55808 c:\windows\system32\dllcache\extmgr.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 55808 c:\windows\system32\dllcache\extmgr.dll

+ 2004-08-04 03:45 . 2009-12-14 07:36 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2009-07-15 16:24 . 2005-07-26 04:40 60416 c:\windows\system32\dllcache\colbact.dll

+ 2004-08-04 03:45 . 2010-01-13 14:09 86016 c:\windows\system32\dllcache\cabview.dll

+ 2004-08-04 03:45 . 2009-11-27 16:40 85504 c:\windows\system32\dllcache\avifil32.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 85504 c:\windows\system32\dllcache\avifil32.dll

+ 2004-08-04 03:45 . 2009-07-17 18:57 58880 c:\windows\system32\dllcache\atl.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 58880 c:\windows\system32\dllcache\atl.dll

+ 2004-08-04 03:45 . 2010-03-05 14:55 65536 c:\windows\system32\dllcache\asycfilt.dll

+ 2004-08-04 03:45 . 2009-12-14 07:36 33280 c:\windows\system32\csrsrv.dll

+ 2009-07-15 16:24 . 2005-07-26 04:40 60416 c:\windows\system32\colbact.dll

+ 2004-08-04 03:45 . 2010-01-13 14:09 86016 c:\windows\system32\cabview.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 85504 c:\windows\system32\avifil32.dll

+ 2004-08-04 03:45 . 2009-11-27 16:40 85504 c:\windows\system32\avifil32.dll

+ 2004-08-04 03:45 . 2009-07-17 18:57 58880 c:\windows\system32\atl.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 58880 c:\windows\system32\atl.dll

+ 2004-08-04 03:45 . 2010-03-05 14:55 65536 c:\windows\system32\asycfilt.dll

+ 2010-09-16 01:57 . 2010-09-16 01:57 38400 c:\windows\Installer\2727e2.msi

+ 2010-09-16 01:57 . 2010-09-16 01:57 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2009-11-27 17:34 . 2009-11-27 17:34 17920 c:\windows\Driver Cache\i386\msyuv.dll

+ 2009-11-27 16:40 . 2009-11-27 16:40 48128 c:\windows\Driver Cache\i386\iyuv_32.dll

+ 2001-09-05 23:50 . 2009-11-27 16:40 8704 c:\windows\system32\tsbyuv.dll

+ 2004-08-04 03:45 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe

- 2004-08-04 03:45 . 2004-08-04 03:45 4608 c:\windows\system32\mqsvc.exe

+ 2009-11-27 16:40 . 2009-11-27 16:40 8704 c:\windows\system32\dllcache\tsbyuv.dll

+ 2004-08-04 03:45 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe

- 2004-08-04 03:45 . 2004-08-04 03:45 4608 c:\windows\system32\dllcache\mqsvc.exe

+ 2009-11-27 16:40 . 2009-11-27 16:40 8704 c:\windows\Driver Cache\i386\tsbyuv.dll

+ 2008-02-17 07:33 . 2010-04-16 13:47 361984 c:\windows\system32\xpsp3res.dll

+ 2004-08-04 03:45 . 2009-04-10 04:01 413032 c:\windows\system32\wmspdmod.dll

+ 2004-08-04 03:45 . 2009-07-13 13:08 286720 c:\windows\system32\wmpdxm.dll

+ 2004-08-04 03:45 . 2007-10-20 09:01 227328 c:\windows\system32\wmasf.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 132096 c:\windows\system32\wkssvc.dll

+ 2004-08-04 03:45 . 2009-06-10 06:31 132096 c:\windows\system32\wkssvc.dll

+ 2004-08-04 03:45 . 2009-12-24 07:06 177664 c:\windows\system32\wintrust.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 664064 c:\windows\system32\wininet.dll

+ 2004-08-04 03:45 . 2008-12-16 12:50 351232 c:\windows\system32\winhttp.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 351232 c:\windows\system32\winhttp.dll

+ 2009-07-15 16:24 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2009-07-15 16:24 . 2009-02-09 10:19 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2009-07-15 16:24 . 2009-02-09 10:19 473088 c:\windows\system32\wbem\fastprox.dll

+ 2004-08-04 03:45 . 2010-03-10 08:03 417792 c:\windows\system32\vbscript.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 417792 c:\windows\system32\vbscript.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 625664 c:\windows\system32\urlmon.dll

+ 2004-08-04 03:45 . 2009-10-16 01:51 119808 c:\windows\system32\t2embed.dll

+ 2004-08-04 03:45 . 2009-08-26 08:15 247326 c:\windows\system32\strmdll.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll

+ 2004-08-04 03:45 . 2009-02-09 10:08 111104 c:\windows\system32\services.exe

+ 2004-08-04 03:45 . 2009-06-25 08:46 168448 c:\windows\system32\schannel.dll

+ 2004-08-04 03:45 . 2009-02-09 10:19 399360 c:\windows\system32\rpcss.dll

+ 2004-08-04 03:45 . 2009-04-15 15:17 584192 c:\windows\system32\rpcrt4.dll

+ 2004-08-04 03:45 . 2009-10-12 13:52 112640 c:\windows\system32\rastls.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 112640 c:\windows\system32\rastls.dll

+ 2001-10-28 15:07 . 2010-09-17 13:46 314842 c:\windows\system32\perfh009.dat

- 2001-10-28 15:07 . 2010-09-08 16:20 314842 c:\windows\system32\perfh009.dat

- 2004-08-04 03:45 . 2004-08-04 03:45 285696 c:\windows\system32\pdh.dll

+ 2004-08-04 03:45 . 2009-03-06 14:46 285696 c:\windows\system32\pdh.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 267776 c:\windows\system32\oakley.dll

+ 2004-08-04 03:45 . 2009-10-13 10:52 267776 c:\windows\system32\oakley.dll

+ 2004-08-04 03:45 . 2009-02-09 10:19 730624 c:\windows\system32\ntdll.dll

+ 2004-08-04 03:45 . 2008-10-15 16:59 332800 c:\windows\system32\netapi32.dll

+ 2004-08-04 03:45 . 2008-06-20 17:41 247808 c:\windows\system32\mswsock.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 247808 c:\windows\system32\mswsock.dll

+ 2004-08-04 03:45 . 2009-08-05 09:06 205312 c:\windows\system32\mswebdvd.dll

+ 2004-08-04 03:45 . 2009-09-11 14:35 133632 c:\windows\system32\msv1_0.dll

+ 2009-07-15 16:24 . 2009-06-05 07:48 655872 c:\windows\system32\mstscax.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 532480 c:\windows\system32\mstime.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 146432 c:\windows\system32\msrating.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 146432 c:\windows\system32\msrating.dll

+ 2009-07-15 16:24 . 2009-12-17 07:59 345600 c:\windows\system32\mspaint.exe

- 2009-07-15 16:24 . 2004-08-04 03:45 345600 c:\windows\system32\mspaint.exe

- 2004-08-04 03:44 . 2004-08-04 03:44 884736 c:\windows\system32\msimsg.dll

+ 2004-08-04 03:44 . 2005-05-04 17:45 884736 c:\windows\system32\msimsg.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 271360 c:\windows\system32\msihnd.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 449024 c:\windows\system32\mshtmled.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 161792 c:\windows\system32\msdtcuiu.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 956928 c:\windows\system32\msdtctm.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 428032 c:\windows\system32\msdtcprx.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 523776 c:\windows\system32\mqutil.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 523776 c:\windows\system32\mqutil.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 186880 c:\windows\system32\mqtrig.dll

+ 2004-08-04 03:45 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe

- 2004-08-04 03:45 . 2004-08-04 03:45 117248 c:\windows\system32\mqtgsvc.exe

+ 2004-08-04 03:45 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 123392 c:\windows\system32\mqrtdep.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 177152 c:\windows\system32\mqrt.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 225280 c:\windows\system32\mqoa.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 138240 c:\windows\system32\mqad.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll

+ 2004-08-04 03:45 . 2009-06-25 08:46 727040 c:\windows\system32\lsasrv.dll

+ 2004-08-04 03:45 . 2009-05-07 15:43 345600 c:\windows\system32\localspl.dll

+ 2004-08-04 03:45 . 2009-06-25 08:46 298496 c:\windows\system32\kerberos.dll

+ 2010-09-17 02:16 . 2009-03-11 01:18 454536 c:\windows\system32\KB905474\wgasetup.exe

+ 2004-08-04 03:45 . 2009-08-21 06:51 450560 c:\windows\system32\jscript.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 450560 c:\windows\system32\jscript.dll

+ 2009-07-15 16:26 . 2010-01-29 15:07 683520 c:\windows\system32\inetcomm.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 251392 c:\windows\system32\iepeers.dll

+ 2004-08-04 03:45 . 2008-10-23 13:00 283648 c:\windows\system32\gdi32.dll

- 2009-07-15 12:59 . 2010-08-10 02:07 236760 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-15 12:59 . 2010-09-17 13:42 236760 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 03:45 . 2008-07-07 20:31 253952 c:\windows\system32\es.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 205312 c:\windows\system32\dxtrans.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 357888 c:\windows\system32\dxtmsft.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 357888 c:\windows\system32\dxtmsft.dll

+ 2004-08-04 02:07 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys

+ 2004-08-04 02:14 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys

+ 2004-08-04 02:14 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys

+ 2001-10-28 15:07 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys

+ 2004-08-04 02:15 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys

+ 2004-08-04 02:14 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys

+ 2004-08-04 03:45 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll

+ 2009-07-15 16:24 . 2008-04-21 21:27 216064 c:\windows\system32\dllcache\wordpad.exe

+ 2004-08-04 03:45 . 2009-04-10 04:01 413032 c:\windows\system32\dllcache\wmspdmod.dll

+ 2004-08-04 03:45 . 2009-07-13 13:08 286720 c:\windows\system32\dllcache\wmpdxm.dll

+ 2009-07-15 16:24 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe

+ 2009-07-15 16:24 . 2009-02-09 10:19 453120 c:\windows\system32\dllcache\wmiprvsd.dll

+ 2004-08-04 03:45 . 2007-10-20 09:01 227328 c:\windows\system32\dllcache\wmasf.dll

+ 2004-08-04 03:45 . 2009-06-10 06:31 132096 c:\windows\system32\dllcache\wkssvc.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 132096 c:\windows\system32\dllcache\wkssvc.dll

+ 2004-08-04 03:45 . 2009-12-24 07:06 177664 c:\windows\system32\dllcache\wintrust.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 664064 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 351232 c:\windows\system32\dllcache\winhttp.dll

+ 2004-08-04 03:45 . 2008-12-16 12:50 351232 c:\windows\system32\dllcache\winhttp.dll

+ 2004-08-04 03:45 . 2010-03-10 08:03 417792 c:\windows\system32\dllcache\vbscript.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 417792 c:\windows\system32\dllcache\vbscript.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 625664 c:\windows\system32\dllcache\urlmon.dll

- 2009-07-15 16:26 . 2004-08-04 03:45 153088 c:\windows\system32\dllcache\triedit.dll

+ 2009-07-15 16:26 . 2009-06-21 22:06 153088 c:\windows\system32\dllcache\triedit.dll

+ 2004-08-04 02:07 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys

+ 2004-08-04 02:14 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys

+ 2004-08-04 03:45 . 2009-10-16 01:51 119808 c:\windows\system32\dllcache\t2embed.dll

+ 2004-08-04 03:45 . 2009-08-26 08:15 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2004-08-04 02:14 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys

+ 2004-08-04 03:45 . 2010-04-16 15:36 474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2004-08-04 03:45 . 2009-02-09 10:08 111104 c:\windows\system32\dllcache\services.exe

+ 2004-08-04 03:45 . 2009-06-25 08:46 168448 c:\windows\system32\dllcache\schannel.dll

+ 2004-08-04 03:45 . 2009-02-09 10:19 399360 c:\windows\system32\dllcache\rpcss.dll

+ 2004-08-04 03:45 . 2009-04-15 15:17 584192 c:\windows\system32\dllcache\rpcrt4.dll

+ 2001-10-28 15:07 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys

+ 2004-08-04 03:45 . 2009-10-12 13:52 112640 c:\windows\system32\dllcache\rastls.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 112640 c:\windows\system32\dllcache\rastls.dll

+ 2004-08-04 03:45 . 2009-03-06 14:46 285696 c:\windows\system32\dllcache\pdh.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 285696 c:\windows\system32\dllcache\pdh.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 267776 c:\windows\system32\dllcache\oakley.dll

+ 2004-08-04 03:45 . 2009-10-13 10:52 267776 c:\windows\system32\dllcache\oakley.dll

+ 2004-08-04 03:45 . 2009-02-09 10:19 730624 c:\windows\system32\dllcache\ntdll.dll

+ 2004-08-04 03:45 . 2008-10-15 16:59 332800 c:\windows\system32\dllcache\netapi32.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 247808 c:\windows\system32\dllcache\mswsock.dll

+ 2004-08-04 03:45 . 2008-06-20 17:41 247808 c:\windows\system32\dllcache\mswsock.dll

+ 2004-08-04 03:45 . 2009-08-05 09:06 205312 c:\windows\system32\dllcache\mswebdvd.dll

+ 2004-08-04 03:45 . 2009-09-11 14:35 133632 c:\windows\system32\dllcache\msv1_0.dll

+ 2009-07-15 16:24 . 2009-06-05 07:48 655872 c:\windows\system32\dllcache\mstscax.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 532480 c:\windows\system32\dllcache\mstime.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 146432 c:\windows\system32\dllcache\msrating.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 146432 c:\windows\system32\dllcache\msrating.dll

+ 2009-07-15 16:24 . 2009-12-17 07:59 345600 c:\windows\system32\dllcache\mspaint.exe

- 2009-07-15 16:24 . 2004-08-04 03:45 345600 c:\windows\system32\dllcache\mspaint.exe

+ 2004-08-04 03:45 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll

+ 2004-08-04 03:44 . 2005-05-04 17:45 884736 c:\windows\system32\dllcache\msimsg.dll

- 2004-08-04 03:44 . 2004-08-04 03:44 884736 c:\windows\system32\dllcache\msimsg.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 271360 c:\windows\system32\dllcache\msihnd.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 449024 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 161792 c:\windows\system32\dllcache\msdtcuiu.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2009-07-15 16:24 . 2008-06-12 14:18 428032 c:\windows\system32\dllcache\msdtcprx.dll

- 2009-07-15 16:26 . 2004-08-04 03:45 331776 c:\windows\system32\dllcache\msadce.dll

+ 2009-07-15 16:26 . 2008-05-01 14:32 331776 c:\windows\system32\dllcache\msadce.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 523776 c:\windows\system32\dllcache\mqutil.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 523776 c:\windows\system32\dllcache\mqutil.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 186880 c:\windows\system32\dllcache\mqtrig.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 117248 c:\windows\system32\dllcache\mqtgsvc.exe

+ 2004-08-04 03:45 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe

+ 2004-08-04 03:45 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 123392 c:\windows\system32\dllcache\mqrtdep.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 177152 c:\windows\system32\dllcache\mqrt.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 225280 c:\windows\system32\dllcache\mqoa.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 138240 c:\windows\system32\dllcache\mqad.dll

+ 2004-08-04 03:45 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll

+ 2004-08-04 03:45 . 2009-06-25 08:46 727040 c:\windows\system32\dllcache\lsasrv.dll

+ 2004-08-04 03:45 . 2009-05-07 15:43 345600 c:\windows\system32\dllcache\localspl.dll

+ 2004-08-04 03:45 . 2009-06-25 08:46 298496 c:\windows\system32\dllcache\kerberos.dll

+ 2004-08-04 03:45 . 2009-08-21 06:51 450560 c:\windows\system32\dllcache\jscript.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 450560 c:\windows\system32\dllcache\jscript.dll

+ 2009-07-15 16:26 . 2010-01-29 15:07 683520 c:\windows\system32\dllcache\inetcomm.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 251392 c:\windows\system32\dllcache\iepeers.dll

- 2009-07-15 16:26 . 2004-08-04 03:45 743936 c:\windows\system32\dllcache\helpsvc.exe

+ 2009-07-15 16:26 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe

+ 2004-08-04 03:45 . 2008-10-23 13:00 283648 c:\windows\system32\dllcache\gdi32.dll

+ 2009-07-15 16:24 . 2009-02-09 10:19 473088 c:\windows\system32\dllcache\fastprox.dll

+ 2004-08-04 03:45 . 2008-07-07 20:31 253952 c:\windows\system32\dllcache\es.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 205312 c:\windows\system32\dllcache\dxtrans.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 357888 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 357888 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 03:45 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 151552 c:\windows\system32\dllcache\cdfview.dll

- 2004-08-04 03:44 . 2004-08-04 03:44 285696 c:\windows\system32\dllcache\atmfd.dll

+ 2004-08-04 03:44 . 2010-04-20 05:47 285696 c:\windows\system32\dllcache\atmfd.dll

+ 2004-08-04 02:14 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys

+ 2004-08-04 03:45 . 2009-02-09 10:19 683008 c:\windows\system32\dllcache\advapi32.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 683008 c:\windows\system32\dllcache\advapi32.dll

+ 2004-08-04 03:45 . 2009-11-21 16:42 470528 c:\windows\system32\dllcache\aclayers.dll

+ 2004-08-04 03:45 . 2010-02-12 04:46 100864 c:\windows\system32\dllcache\6to4svc.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 151552 c:\windows\system32\cdfview.dll

+ 2004-08-04 03:44 . 2010-04-20 05:47 285696 c:\windows\system32\atmfd.dll

- 2004-08-04 03:44 . 2004-08-04 03:44 285696 c:\windows\system32\atmfd.dll

+ 2004-08-04 03:45 . 2009-02-09 10:19 683008 c:\windows\system32\advapi32.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 683008 c:\windows\system32\advapi32.dll

+ 2004-08-04 03:45 . 2010-02-12 04:46 100864 c:\windows\system32\6to4svc.dll

- 2009-07-15 16:26 . 2004-08-04 03:45 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe

+ 2009-07-15 16:26 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe

+ 2010-09-16 12:34 . 2010-09-16 12:34 969728 c:\windows\Installer\3b6b0.msi

+ 2010-09-16 02:24 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2010-09-16 02:43 . 2008-06-14 17:59 272384 c:\windows\Driver Cache\i386\bthport.sys

+ 2004-08-04 03:45 . 2009-11-21 16:42 470528 c:\windows\AppPatch\aclayers.dll

+ 2010-09-16 02:26 . 2009-08-13 13:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll

+ 2004-08-04 03:45 . 2010-04-03 09:39 2377576 c:\windows\system32\WMVCore.dll

+ 2004-08-04 03:45 . 2009-07-13 13:08 5537792 c:\windows\system32\wmp.dll

+ 2004-08-04 03:45 . 2008-06-10 09:28 1028096 c:\windows\system32\WMNetmgr.dll

+ 2004-08-04 03:38 . 2010-05-02 08:26 1851008 c:\windows\system32\win32k.sys

+ 2004-08-04 03:45 . 2008-07-03 13:15 8484352 c:\windows\system32\shell32.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 1506304 c:\windows\system32\shdocvw.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 1439744 c:\windows\system32\query.dll

+ 2004-08-04 03:45 . 2009-07-17 16:27 1439744 c:\windows\system32\query.dll

+ 2004-08-04 03:45 . 2010-02-05 18:40 1295872 c:\windows\system32\quartz.dll

+ 2004-08-04 03:40 . 2010-02-16 19:33 2141184 c:\windows\system32\ntoskrnl.exe

+ 2004-08-04 00:40 . 2010-02-16 19:32 2020864 c:\windows\system32\ntkrnlpa.exe

+ 2009-08-19 20:07 . 2009-08-19 20:07 1415000 c:\windows\system32\msxml6.dll

+ 2004-08-04 03:45 . 2009-07-31 04:59 1172480 c:\windows\system32\msxml3.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 2890240 c:\windows\system32\msi.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 3086336 c:\windows\system32\mshtml.dll

+ 2004-08-04 03:45 . 2009-03-21 14:20 1025024 c:\windows\system32\kernel32.dll

+ 2010-09-17 02:16 . 2009-03-11 01:26 1434496 c:\windows\system32\KB905474\wganotifypackageinner.exe

+ 2004-08-04 03:45 . 2010-04-03 09:39 2377576 c:\windows\system32\dllcache\WMVCore.dll

+ 2004-08-04 03:45 . 2009-07-13 13:08 5537792 c:\windows\system32\dllcache\wmp.dll

+ 2004-08-04 03:45 . 2008-06-10 09:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll

+ 2004-08-04 03:38 . 2010-05-02 08:26 1851008 c:\windows\system32\dllcache\win32k.sys

+ 2004-08-04 03:45 . 2008-07-03 13:15 8484352 c:\windows\system32\dllcache\shell32.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 1506304 c:\windows\system32\dllcache\shdocvw.dll

+ 2004-08-04 03:45 . 2009-07-17 16:27 1439744 c:\windows\system32\dllcache\query.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 1439744 c:\windows\system32\dllcache\query.dll

+ 2004-08-04 03:45 . 2010-02-05 18:40 1295872 c:\windows\system32\dllcache\quartz.dll

+ 2004-08-04 03:45 . 2009-07-31 04:59 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2009-07-15 16:26 . 2010-01-29 15:07 1315840 c:\windows\system32\dllcache\msoe.dll

+ 2004-08-04 03:45 . 2005-05-04 17:45 2890240 c:\windows\system32\dllcache\msi.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 3086336 c:\windows\system32\dllcache\mshtml.dll

- 2009-07-15 16:26 . 2004-08-04 03:45 3555328 c:\windows\system32\dllcache\moviemk.exe

+ 2009-07-15 16:26 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe

+ 2004-08-04 03:45 . 2009-03-21 14:20 1025024 c:\windows\system32\dllcache\kernel32.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 1055744 c:\windows\system32\dllcache\danim.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 1024000 c:\windows\system32\dllcache\browseui.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 1055744 c:\windows\system32\danim.dll

+ 2004-08-04 03:45 . 2010-04-16 15:36 1024000 c:\windows\system32\browseui.dll

+ 2010-09-16 02:42 . 2010-02-16 19:33 2185600 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2010-09-16 02:42 . 2010-02-16 19:32 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2010-09-16 02:42 . 2010-02-16 19:33 2062592 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2010-09-16 02:42 . 2010-02-16 19:33 2141184 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2010-09-16 01:57 . 2010-09-16 01:57 20303872 c:\windows\Installer\2727e9.msp

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

2009-11-09 21:38 2331672 ------w- c:\arquivos de programas\Thoosje\tbThoo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-06-30 17:22 2102600 ----a-w- c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

"{3BA34663-845A-4931-A6F3-1E033EC342A7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"OSD"="c:\arquivos de programas\C&E\OSD\osd.exe" [2007-08-28 671801]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-07-24 77824]

"Google Desktop Search"="c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-09-10 202256]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-06 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/9/2010 11:35 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/9/2010 11:36 243024]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [6/9/2010 11:35 308136]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/9/2010 11:35 431432]

S3 GoogleDesktopManager-051210-111108;Gerenciador do Google Desktop 5.9.1005.12335;c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [7/2/2010 14:53 30192]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2010-09-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

 

2010-09-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

 

2010-09-17 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2332)

c:\windows\system32\msi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\firebird\bin\fbguard.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\wdfmgr.exe

c:\firebird\bin\fbserver.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Tempo para conclusão: 2010-09-17 11:02:40 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-09-17 14:02

ComboFix2.txt 2010-09-14 00:01

 

Pré-execução: 30 pasta(s) 52.113.141.760 bytes disponíveis

Pós execução: 31 pasta(s) 52.093.427.712 bytes disponíveis

 

- - End Of File - - A7E1C3915D230B39EBFCFE260F2E124D


Hello astronautalouco

Wings is away, so I will continue with your case.

1.

Delete the file C:\combofix.txt

Open Notepad, then select, copy and paste into it the entire contents of the code below:

Killall::
File::
c:\windows\system32\drivers\lxdyskdz.sys
c:\windows\system32\pombaii.dll
c:\windows\system32\dloDF.tmp
Filelook::
c:\windows\system32\tzchange.exe
c:\windows\system32\sc.exe
c:\windows\Installer\2727e2.msi
Driver::
lxdyskdz

Save the file to the desktop as CFScript.txt
Drag the file onto ComboFix as shown in the illustration below:

[image: CFScript.gif]

Important: while ComboFix is running, do not use the mouse or the keyboard!!
At the end of the procedure, the program will close automatically and the report will be displayed.
Paste the report created at C:\combofix.txt

T+


ComboFix 10-09-13.01 - Jones 22/09/2010 23:18:46.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1176 [GMT -3:00]

Executando de: c:\documents and settings\Jones\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Jones\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Criado um novo ponto de restauração

.

- MODO DE FUNCIONALIDADE REDUZIDA -

 

FILE ::

"c:\windows\system32\dloDF.tmp"

"c:\windows\system32\drivers\lxdyskdz.sys"

"c:\windows\system32\pombaii.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\dloDF.tmp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-23 to 2010-09-23 ))))))))))))))))))))))))))))

.

 

2010-09-21 05:08 . 2010-09-21 05:08 12575488 ----a-w- c:\documents and settings\Jones\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe

2010-09-17 14:03 . 2010-09-19 04:58 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-09-17 02:16 . 2010-09-17 02:16 -------- d-----w- c:\windows\system32\KB905474

2010-09-16 12:34 . 2010-09-16 12:34 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2010-09-16 12:32 . 2010-09-16 12:32 -------- d-----w- c:\windows\ServicePackFiles

2010-09-16 02:43 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-09-16 02:43 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-09-16 02:42 . 2010-02-16 19:33 2185600 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-09-16 02:42 . 2010-02-16 19:33 2141184 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-09-16 02:42 . 2010-02-16 19:33 2062592 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-09-16 02:42 . 2010-02-16 19:32 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-09-16 02:24 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-09-16 01:57 . 2010-09-16 01:57 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-09-15 21:17 . 2010-09-18 00:42 -------- d--h--w- c:\windows\$hf_mig$

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\documents and settings\Jones\Dados de aplicativos\Malwarebytes

2010-09-13 15:07 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-09-13 15:07 . 2010-09-13 15:07 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-09-13 15:07 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-13 03:35 . 2010-09-13 03:36 -------- d-----w- C:\hijack

2010-09-10 19:28 . 2010-09-10 19:28 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-09-10 04:25 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Real

2010-09-10 04:25 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-09-06 15:37 . 2010-06-30 17:22 2102600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll

2010-09-06 14:36 . 2010-09-06 14:36 -------- d-----w- C:\$AVG

2010-09-06 14:36 . 2010-09-06 14:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-06 14:36 . 2010-09-06 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-06 14:35 . 2010-09-06 14:35 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-06 14:35 . 2010-09-06 14:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-09-06 14:35 . 2010-09-23 01:55 -------- d-----w- c:\windows\system32\drivers\Avg

2010-09-06 14:35 . 2010-09-06 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar

2010-09-06 14:35 . 2010-09-13 23:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-09-06 14:35 . 2010-09-06 14:35 -------- d-----w- c:\arquivos de programas\AVG

2010-09-04 21:06 . 2010-09-04 21:06 0 ----a-w- c:\windows\nsreg.dat

2010-08-30 14:19 . 2010-08-30 14:35 -------- d-----w- C:\MAUA_O_IMPERADOR_E_O_REI

2010-08-26 15:21 . 2010-08-26 15:35 -------- d-----w- C:\ALINE_BARROS

2010-08-26 14:46 . 2010-08-26 15:16 -------- d-----w- C:\MEN_OF_HONOR

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-19 03:15 . 2001-10-28 15:07 50002 ----a-w- c:\windows\system32\perfc016.dat

2010-09-19 03:15 . 2001-10-28 15:07 347886 ----a-w- c:\windows\system32\perfh016.dat

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-09-10 04:26 . 2010-09-10 04:26 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-09-10 04:26 . 2010-09-10 04:26 49152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-09-10 04:26 . 2010-09-10 04:26 40960 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-09-10 04:26 . 2010-09-10 04:26 308808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-09-10 04:26 . 2010-09-10 04:26 14848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-09-10 04:26 . 2010-09-10 04:26 341600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-09-10 04:26 . 2010-09-10 04:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-09-10 04:25 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-09-09 18:55 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-09-09 18:55 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-09-09 18:54 . 2009-09-09 13:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel

2010-09-04 20:42 . 2010-02-07 17:53 -------- d-----w- c:\arquivos de programas\Google

2010-08-30 13:54 . 2010-03-08 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-08-25 03:02 . 2010-01-22 20:37 -------- d-----w- c:\arquivos de programas\Oi Velox

2010-08-24 13:23 . 2010-02-05 12:53 -------- d-----w- c:\arquivos de programas\HP

2010-08-24 13:20 . 2010-02-05 12:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-08-12 21:04 . 2009-11-20 00:23 -------- d-----w- c:\documents and settings\Jones\Dados de aplicativos\Free Audio Editor

2010-08-12 20:51 . 2009-11-20 00:22 -------- d-----w- c:\arquivos de programas\Free Audio Editor

2010-08-10 19:05 . 2010-06-02 18:59 -------- d-----w- c:\arquivos de programas\Bible

2010-09-04 19:32 . 2010-09-06 13:55 119808 ----a-w- c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

--- c:\windows\Installer\2727e2.msi ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File size: 38400

Created time: 2010-09-16 01:57

Modified time: 2010-09-16 01:57

MD5: D10253F697FF05426D5CFFCFEE4DDBE0

SHA1: C5DF806881E8FA729ED1A7631C441FFAEC7D8746

 

 

--- c:\windows\system32\sc.exe ---

Company: Microsoft Corporation

File Description: A tool to aid in developing services for WindowsNT

File Version: 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: sc.exe

File size: 35328

Created time: 2001-10-28 15:07

Modified time: 2009-02-06 16:54

MD5: 07BD3E7F20CB382A1A70B92E042C9518

SHA1: 4D6EFAB293A72EAFAF7A9FDE231047305B768EA2

 

 

--- c:\windows\system32\tzchange.exe ---

Company: Microsoft Corporation

File Description: Microsoft Timezone change tool

File Version: 5.1.2600.5971 (xpsp_sp3_gdr.100421-1703)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: tzchange.exe

File size: 46080

Created time: 2010-09-16 01:42

Modified time: 2010-04-21 13:28

MD5: 4B10C4D17244EC91DB4B8DB97963D1B6

SHA1: 6EBA19B720CEC68BB0D532E1D6024A9F6E90FD41

 

 

((((((((((((((((((((((((((((( SnapShot_2010-09-17_14.00.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 03:45 . 2009-10-21 06:01 75776 c:\windows\system32\strmfilt.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 75776 c:\windows\system32\strmfilt.dll

- 2001-10-28 15:07 . 2010-09-17 13:46 41170 c:\windows\system32\perfc009.dat

+ 2001-10-28 15:07 . 2010-09-19 03:15 41170 c:\windows\system32\perfc009.dat

+ 2004-08-04 03:45 . 2009-10-21 06:01 25088 c:\windows\system32\httpapi.dll

+ 2004-08-04 03:45 . 2009-10-21 06:01 75776 c:\windows\system32\dllcache\strmfilt.dll

- 2004-08-04 03:45 . 2004-08-04 03:45 75776 c:\windows\system32\dllcache\strmfilt.dll

+ 2004-08-04 03:45 . 2009-10-21 06:01 25088 c:\windows\system32\dllcache\httpapi.dll

+ 2004-08-04 03:45 . 2009-08-25 09:48 352256 c:\windows\system32\winhttp.dll

+ 2001-10-28 15:07 . 2010-09-19 03:15 314842 c:\windows\system32\perfh009.dat

- 2001-10-28 15:07 . 2010-09-17 13:46 314842 c:\windows\system32\perfh009.dat

+ 2004-08-04 02:00 . 2009-10-20 14:58 263552 c:\windows\system32\drivers\http.sys

+ 2004-08-04 03:45 . 2009-08-25 09:48 352256 c:\windows\system32\dllcache\winhttp.dll

+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\system32\dllcache\http.sys

+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\Driver Cache\i386\http.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

2009-11-09 21:38 2331672 ------w- c:\arquivos de programas\Thoosje\tbThoo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-06-30 17:22 2102600 ----a-w- c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

"{3BA34663-845A-4931-A6F3-1E033EC342A7}"= "c:\arquivos de programas\Thoosje\tbThoo.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"OSD"="c:\arquivos de programas\C&E\OSD\osd.exe" [2007-08-28 671801]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-07-24 77824]

"Google Desktop Search"="c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-09-10 202256]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-06 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/9/2010 11:35 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/9/2010 11:36 243024]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [6/9/2010 11:35 308136]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/9/2010 11:35 431432]

S3 GoogleDesktopManager-051210-111108;Gerenciador do Google Desktop 5.9.1005.12335;c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [7/2/2010 14:53 30192]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2010-09-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

 

2010-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

 

2010-09-23 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-22 23:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(1544)

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\firebird\bin\fbguard.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\wdfmgr.exe

c:\firebird\bin\fbserver.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Completion time: 2010-09-22 23:24:30 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-23 02:24

ComboFix2.txt 2010-09-14 00:01

 

Pre-Run: 30 folder(s) 51,176,632,320 bytes free

Post-Run: 31 folder(s) 51,274,498,048 bytes free

 

- - End Of File - - 52EB963C6F07251DA8286B31AD0B62F6

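What a helper actually triages in a ComboFix log like the one above are the autostart sections: the Run keys and the R*/S* service lines. Two things stand out on a first pass: entries ComboFix printed with `[?]` instead of a date and size (it could not verify the file at that path), and Run values that are bare file names such as `SiSPower.dll` or `RTHDCPL.EXE`, which Windows resolves through the search path rather than an absolute location. The script below is an added example, not part of the original post and not ComboFix's own code; it parses a constructed subset of the lines quoted in the log into records and returns the entries worth checking by hand. The flags are triage hints, not a verdict: the `[?]` on the Firebird services most likely comes from the ` -s` argument being part of the image path, and the log itself does not say why `lxdyskdz.sys` was not found.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2007-06-25 53248]
"OSD"="c:\arquivos de programas\C&E\OSD\osd.exe" [2007-08-28 671801]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/9/2010 11:35 216400]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]
S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]
"""

# "Name"="image" [date size]   (a Run-key value line)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<stamp>[^\]]+)\])?$')
# R2 name;display;image [date time size]   or   ... --> image [?]   (a service line)
SVC_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
STAMP_RE = re.compile(r'\[(?P<stamp>[^\]]+)\]\s*$')


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    image: str           # path (or bare file name) exactly as ComboFix printed it
    verified: bool       # False when ComboFix printed "[?]" instead of a date/size stamp
    size: Optional[int]  # file size taken from the stamp, when present


def parse_combofix(text: str) -> List[Entry]:
    """Parse Run-key values and service lines from a ComboFix log into Entry records."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            stamp = m.group("stamp")
            size = int(stamp.split()[-1]) if stamp and stamp != "?" else None
            entries.append(Entry("run", m.group("name"), m.group("path"), size is not None, size))
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest")
            stamp_m = STAMP_RE.search(rest)
            stamp = stamp_m.group("stamp") if stamp_m else None
            image = rest[: stamp_m.start()].strip() if stamp_m else rest
            # "path --> path [?]" is how ComboFix reports a file it could not stat; keep the left-hand path
            image = image.split(" --> ")[0].strip()
            verified = stamp is not None and stamp != "?"
            size = int(stamp.split()[-1]) if verified else None
            entries.append(Entry("service", m.group("name"), image, verified, size))
    return entries


def triage(entries: List[Entry]):
    """Return (name, reason) pairs for entries a reviewer should check by hand."""
    findings = []
    for e in entries:
        if not e.verified:
            findings.append((e.name, "file not verified by ComboFix ([?])"))
        elif e.kind == "run" and "\\" not in e.image:
            # No directory component: the loader locates this file through the search path
            findings.append((e.name, "bare file name, resolved via search order"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

To use it on a real log, replace SAMPLE_LOG with the full ComboFix output; the two regexes only match the value and service line shapes, so the surrounding headers and blank lines are ignored. The bare-file-name flag deliberately does not claim anything about the file itself: `RTHDCPL.EXE` in `c:\windows` is the Realtek audio panel listed among the running processes, but an entry with no directory is exactly the shape a search-order hijack would also take, so it is worth a look.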

Hello.

1.

- Click the Start button
- Click Run
- Type combofix /uninstall and press Enter

[screenshot: 92674490.jpg]

- Delete the C:\Qoobox folder and the C:\combofix.txt file, if they still exist.

2.

- Run the online scan with Kaspersky here
- Follow the steps shown in the animation below:

[animation: kaspersky.gif]

- Copy and paste the log here...

3.

Let us know how the system is doing.

See you.


Here is the log

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, October 1, 2010

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, October 01, 2010 06:45:27

Records in database: 4263962

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

G:\

 

Scan statistics:

Objects scanned: 62643

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 01:30:06

 

No threats found. Scanned area is clean.

 

Selected area has been scanned.

 

Thanks


PROBLEM SOLVED

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
