[Arquivado] Micro lento, programas não respondem

REDENTOR · Março 28, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:41:48, on 28/03/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Windows\System32\mobsync.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornecido por Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: Agente de Gerenciamento do F-Secure (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8089 bytes

jgarcia · Abril 4, 2008

Opa REDENTOR,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

REDENTOR · Abril 4, 2008

Rodei o Combofix como você pediu. Qdo ele termina, abre-se uma janela do bloco de notas com a msg:

[.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787, que nunca tinha aparecido...

Seguem os logs, abraços.

ComboFix 08-03-30.4 - CRIS 2008-04-04 4:44:56.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1046.18.102 [GMT -3:00]

Executando de: C:\Users\CRIS\Desktop\ComboFix.exe

.

TimedOut: Windir.dat

((((((((((((((((((((((( Ficheiros criados de 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))

.

2008-04-04 03:21 . 2008-04-04 03:21 <DIR> d-------- C:\Program Files\Programas RFB

2008-04-04 03:20 . 2008-04-04 04:25 <DIR> d-------- C:\Program Files\SpywareGuard

2008-04-03 22:07 . 2008-04-03 22:07 <DIR> d-------- C:\Windows\System32\Kaspersky Lab

2008-03-31 13:49 . 2008-03-31 13:49 8,627 --a------ C:\Windows\System32\PAV_FOG.OPC

2008-03-31 13:13 . 2008-03-31 13:13 <DIR> d-------- C:\Users\All Users\sentinel

2008-03-31 13:13 . 2008-03-31 13:13 <DIR> d-------- C:\ProgramData\sentinel

2008-03-31 12:58 . 2008-03-31 12:58 <DIR> d-------- C:\Users\All Users\Backup

2008-03-31 12:58 . 2008-03-31 12:58 <DIR> d-------- C:\ProgramData\Backup

2008-03-31 12:56 . 2008-03-31 12:56 <DIR> d-------- C:\Program Files\Panda Security

2008-03-31 06:17 . 2008-04-02 01:11 <DIR> d-------- C:\Program Files\Common Files\Panda Software

2008-03-31 04:04 . 2008-03-31 04:11 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\U3

2008-03-30 21:04 . 2007-09-20 14:12 12,800 --a------ C:\Windows\System32\drivers\elrawdsk.sys

2008-03-30 20:52 . 2008-03-30 20:52 74,703 --a------ C:\Windows\System32\mfc45.dll

2008-03-30 19:27 . 2008-03-30 19:27 <DIR> d-------- C:\Program Files\GbPlugin

2008-03-30 19:26 . 2008-03-30 19:27 <DIR> d-------- C:\Users\All Users\GbPlugin

2008-03-30 19:26 . 2008-03-30 19:27 <DIR> d-------- C:\ProgramData\GbPlugin

2008-03-30 19:20 . 2008-04-02 01:17 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-30 17:29 . 2008-03-30 19:58 <DIR> d-------- C:\Users\CRIS\.housecall6.6

2008-03-28 16:00 . 2008-03-28 16:00 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-03-28 16:00 . 2008-03-28 16:00 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-03-28 15:50 . 2008-03-28 15:50 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\VSRevoGroup

2008-03-28 15:20 . 2008-03-28 15:20 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\TuneUp Software

2008-03-28 14:53 . 2008-03-28 14:53 63 --a------ C:\Windows\system\SysSD.dll

2008-03-28 14:03 . 2008-03-30 22:01 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\iolo

2008-03-28 14:03 . 2008-03-31 03:27 <DIR> d-------- C:\Users\All Users\iolo

2008-03-28 14:03 . 2008-03-31 03:27 <DIR> d-------- C:\ProgramData\iolo

2008-03-28 14:03 . 2008-03-31 03:30 <DIR> d-------- C:\Program Files\iolo

2008-03-28 14:03 . 2008-03-28 14:03 406 --a------ C:\Windows\System32\ioloBootDefrag.cfg

2008-03-28 04:12 . 2008-03-28 08:57 <DIR> d-------- C:\Windows\BDOSCAN8

2008-03-28 03:39 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe

2008-03-27 14:03 . 2008-03-27 14:03 <DIR> d-------- C:\Users\All Users\Kaspersky Lab

2008-03-27 14:03 . 2008-03-27 14:03 <DIR> d-------- C:\ProgramData\Kaspersky Lab

2008-03-27 13:59 . 2008-03-27 13:59 <DIR> d-------- C:\Windows\Sun

2008-03-27 03:18 . 2008-03-27 23:42 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Vso

2008-03-27 01:24 . 2008-03-27 14:37 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\CyberLink

2008-03-26 23:26 . 2008-03-26 23:32 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-03-26 05:40 . 2008-03-27 02:28 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Skype

2008-03-26 05:39 . 2007-12-15 00:54 180,224 --a------ C:\Windows\System32\igfxres.dll

2008-03-26 05:14 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

2008-03-26 05:14 . 2007-09-04 17:56 164,352 --a------ C:\Windows\System32\unrar.dll

2008-03-26 05:12 . 2007-12-24 13:49 7,680 --a------ C:\Windows\System32\ff_vfw.dll

2008-03-26 05:12 . 2007-07-10 17:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest

2008-03-26 05:11 . 2008-03-26 05:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-03-26 05:10 . 2008-04-02 23:35 3,082 --a------ C:\Windows\System32\affv208325p1now.sys

2008-03-26 04:59 . 2008-03-26 23:29 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-26 04:55 . 2008-03-27 00:34 <DIR> d-------- C:\Program Files\Windows Live

2008-03-26 04:35 . 2008-03-26 04:35 <DIR> d-------- C:\Program Files\URUSoft

2008-03-26 04:32 . 2008-03-26 04:34 <DIR> d-------- C:\Program Files\Picasa2

2008-03-26 04:20 . 2008-03-26 04:24 <DIR> d-------- C:\Program Files\Skype

2008-03-26 04:17 . 2008-03-26 04:18 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-03-26 04:10 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll

2008-03-26 02:36 . 2008-03-28 00:14 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\F-Secure

2008-03-26 00:49 . 2008-04-02 23:36 <DIR> d-------- C:\Program Files\WinAVIVideoConverter

2008-03-26 00:49 . 2007-05-25 10:15 572,784 --a------ C:\Windows\System32\msvcp50.dll

2008-03-26 00:48 . 2008-03-26 00:48 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-26 00:47 . 2008-04-04 04:36 <DIR> d-------- C:\Users\All Users\F-Secure

2008-03-26 00:47 . 2008-04-04 04:36 <DIR> d-------- C:\ProgramData\F-Secure

2008-03-26 00:45 . 2008-03-26 00:45 <DIR> d-------- C:\Program Files\Real

2008-03-26 00:45 . 2008-04-04 04:41 <DIR> d-------- C:\Program Files\F-Secure Internet Security

2008-03-26 00:45 . 2008-03-26 00:48 <DIR> d-------- C:\Program Files\Common Files\Real

2008-03-25 23:57 . 2008-03-25 23:57 <DIR> d-------- C:\Program Files\VS Revo Group

2008-03-25 23:54 . 2008-04-04 03:32 <DIR> d-------- C:\Users\All Users\fssg

2008-03-25 23:54 . 2008-04-04 03:32 <DIR> d-------- C:\ProgramData\fssg

2008-03-25 23:48 . 2008-03-25 23:51 <DIR> d-------- C:\Program Files\Opera

2008-03-25 23:43 . 2008-03-26 04:21 <DIR> d-------- C:\Users\All Users\Skype

2008-03-25 23:43 . 2008-03-26 04:21 <DIR> d-------- C:\ProgramData\Skype

2008-03-25 23:41 . 2008-03-25 23:42 <DIR> d-------- C:\Program Files\DVD Decrypter

2008-03-25 23:17 . 2007-04-09 13:23 28,040 --a------ C:\Windows\System32\mdimon.dll

2008-03-25 23:17 . 2008-03-25 23:17 418 --a------ C:\Windows\ODBC.INI

2008-03-25 23:14 . 2008-03-25 23:15 <DIR> d-------- C:\Windows\SHELLNEW

2008-03-25 23:14 . 2008-03-25 23:14 <DIR> d-------- C:\Windows\PCHEALTH

2008-03-25 23:14 . 2008-03-25 23:14 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-03-25 23:05 . 2008-03-25 23:05 <DIR> d-------- C:\Users\All Users\eMule

2008-03-25 23:05 . 2008-03-25 23:05 <DIR> d-------- C:\ProgramData\eMule

2008-03-25 23:04 . 2008-03-25 23:04 <DIR> dr-h----- C:\MSOCache

2008-03-25 14:03 . 2008-03-25 14:03 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Creative

2008-03-25 14:03 . 2008-03-25 14:03 595,456 --a------ C:\Windows\System32\schedsvc.dll

2008-03-25 14:03 . 2008-03-25 14:03 115,200 --a------ C:\Windows\System32\loadperf.dll

2008-03-25 14:03 . 2008-03-25 14:03 39,424 --a------ C:\Windows\System32\lodctr.exe

2008-03-25 14:03 . 2008-03-25 14:03 32,256 --a------ C:\Windows\System32\unlodctr.exe

2008-03-25 14:03 . 2008-03-25 14:03 17,408 --a------ C:\Windows\System32\prflbmsg.dll

2008-03-25 14:02 . 2008-03-25 14:02 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-03-25 14:02 . 2008-03-25 14:02 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe

2008-03-25 14:02 . 2008-03-25 14:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-03-25 14:02 . 2008-03-25 14:02 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-03-25 14:00 . 2008-03-25 14:00 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-03-25 13:59 . 2008-03-27 00:24 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-03-25 13:59 . 2008-03-27 00:24 <DIR> d-------- C:\ProgramData\WLInstaller

2008-03-25 13:58 . 2008-03-25 13:58 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-03-25 13:54 . 2008-03-25 13:54 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-03-25 13:39 . 2008-03-25 13:39 <DIR> d-------- C:\Program Files\YourWare Solutions

2008-03-25 13:38 . 2008-04-03 00:44 <DIR> d-------- C:\Users\All Users\DVD Shrink

2008-03-25 13:38 . 2008-04-03 00:44 <DIR> d-------- C:\ProgramData\DVD Shrink

2008-03-25 13:38 . 2008-03-31 05:50 <DIR> d-------- C:\Program Files\Marcos Velasco Security

2008-03-25 13:38 . 2008-03-25 13:38 <DIR> d-------- C:\Program Files\DVD Shrink

2008-03-25 13:36 . 2008-03-25 13:36 <DIR> d-------- C:\Program Files\eMule

2008-03-25 13:36 . 2008-03-25 13:36 <DIR> d-------- C:\Program Files\7-Zip

2008-03-25 13:35 . 2008-03-25 13:35 <DIR> d-------- C:\Program Files\CCleaner

2008-03-25 13:22 . 2008-03-25 13:22 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-03-25 13:22 . 2008-03-25 13:22 1,524,224 --a------ C:\Windows\System32\wucltux.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 17:16 --------- d-----w C:\Program Files\Windows Sidebar

2008-03-25 17:16 --------- d-----w C:\Program Files\Windows Mail

2008-03-25 17:04 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-03-25 17:04 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-03-25 17:04 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-03-25 17:04 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-03-25 17:04 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-03-25 17:04 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-03-25 17:04 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-03-25 17:01 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-03-25 17:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-03-25 17:01 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-03-25 17:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-03-25 17:01 217,144 ----a-w C:\Windows\system32\drivers\netio.sys

2008-03-25 17:01 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-03-25 17:01 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-03-25 17:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-03-25 17:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-03-25 17:01 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-03-25 17:01 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-03-25 17:01 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-03-25 16:53 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-03-25 16:00 --------- d-sh--w C:\ProgramData\Modelos

2008-03-25 16:00 --------- d-sh--w C:\ProgramData\Menu Iniciar

2008-03-25 16:00 --------- d-sh--w C:\ProgramData\Favoritos

2008-03-25 16:00 --------- d-sh--w C:\ProgramData\Documentos

2008-03-25 16:00 --------- d-sh--w C:\ProgramData\Desktop

2008-03-25 16:00 --------- d-sh--w C:\ProgramData\Dados de aplicativos

2008-03-25 16:00 --------- d-sh--w C:\Program Files\Common Files\Sistema

2008-03-25 16:00 --------- d-sh--w C:\Program Files\Arquivos Comuns

2008-03-19 01:01 25,784 ------w C:\Windows\system32\drivers\msahci.sys

2008-03-19 01:01 20,152 ------w C:\Windows\system32\drivers\viaide.sys

2008-03-19 01:01 19,128 ------w C:\Windows\system32\drivers\cmdide.sys

2008-03-19 01:01 18,104 ------w C:\Windows\system32\drivers\amdide.sys

2008-03-19 01:01 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-03-19 01:01 17,592 ------w C:\Windows\system32\drivers\aliide.sys

2008-03-19 00:57 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys

2008-03-19 00:57 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys

2008-03-19 00:57 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys

2008-03-19 00:57 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys

2008-03-19 00:57 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys

2008-03-19 00:57 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys

2008-03-19 00:56 --------- d-----w C:\Program Files\Windows Calendar

2008-03-19 00:55 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys

2008-03-19 00:55 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys

2008-03-19 00:55 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys

2008-03-19 00:55 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys

2008-03-19 00:54 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys

2008-03-19 00:54 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys

2008-03-19 00:54 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys

2008-03-19 00:51 --------- d-----w C:\Program Files\Windows Defender

2008-03-19 00:50 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys

2008-03-19 00:50 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2008-03-19 00:50 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2008-03-19 00:50 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys

2008-03-19 00:50 20,920 ------w C:\Windows\system32\drivers\compbatt.sys

2008-03-19 00:50 2,923,520 ----a-w C:\Windows\explorer.exe

2008-03-19 00:50 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS

2008-03-19 00:50 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys

2008-03-19 00:50 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys

2008-03-19 00:47 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys

2008-03-18 17:10 174 --sha-w C:\Program Files\desktop.ini

2008-01-09 18:01 53,248 ----a-w C:\Windows\bdoscandel.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 03:03 17920]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 02:51 36864]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-12-15 00:54 137752]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-12-15 00:53 154136]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-12-15 00:53 133656]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-18 14:20:25 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Windows\Downloaded Program Files\gbiehabn.dll [2008-03-10 12:19 348072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{E43D03BF-D0D6-4997-ACE6-270DEE580CB2}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"TCP Query User{E9D3E9CC-3F64-45B9-AB1F-B7A85E4E6FD8}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{4176CB75-1AAA-485A-AC26-F4CCB9E10DF3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{F99DA093-21AA-469D-A08B-757E144E91B4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{F5312FDA-45D9-4E71-9C07-D7EC3908BD2A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 08:07]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 21:39]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-12-15 00:53]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-15 00:54]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 02:51]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 02:51]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 02:31]

S3 BCM43XV;Driver de Adaptador de Rede Broadcom 802.11 Extensible;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-10 00:18]

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 04:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-04 07:41:43 C:\Windows\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2008-03-31 16:58:45 C:\Windows\Tasks\At1.job"

- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVJOBS.EXEn/PROGRAMADA PAV5.tsk PAV_FOG.OPC

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 04:48:26

Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-04 4:49:50

ComboFix-quarantined-files.txt 2008-04-04 07:49:45

ComboFix2.txt 2008-04-01 02:59:58

Pre-Run: 61,037,043,712 bytes disponíveis

Post-Run: 60,796,727,296 bytes disponíveis

.

2008-04-04 01:55:57 --- E O F ---