[Arquivado] erro de aplicativo

Alvaro & Rute · Agosto 7, 2008

é o seguinte meu pc esta com um erro de aplicativo e naum consigo aruma-lo pesso ajuda a vcs para me ajudarem

esse é o erro :A instrução no "0x7c901010" fez referência à memória no "0x03120fec". A memória não pôde ser "read". Clique em 'OK' para encerrar o programa

espero que isso possa ajudar:

Logfile of HijackThis v1.99.1

Scan saved at 17:41:14, on 7/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Acelerador POP\slipcore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Venturi2\Client\ventc.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\rsvp.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\jaqueline\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Arquivos de programas\P2P_Energy\tbP2P1.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Arquivos de programas\P2P_Energy\tbP2P1.dll

O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Arquivos de programas\Acelerador POP\PBHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Arquivos de programas\P2P_Energy\tbP2P1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Arquivos de programas\Acelerador POP\Toolband.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [POPDiscador] C:\Arquivos de programas\POPDiscador\POPDiscador.exe --minimized

O4 - HKLM\..\Run: [slipStream] "C:\Arquivos de programas\Acelerador POP\slipcore.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iBest.baloon] C:\Arquivos de programas\Discador Geeko\baloon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DeleteHistoryFree] C:\Arquivos de programas\DeleteHistoryFree\dhf.exe

O4 - Global Startup: Acelerador POP.lnk = C:\Arquivos de programas\Acelerador POP\slipgui.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5300D75-F136-4C83-8F68-DA3702BF9B20}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe (file missing)

O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe

Silas Martins · Agosto 7, 2008

Baixe o ComboFix e salve na área de trabalho.

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

Alvaro & Rute · Agosto 8, 2008

ComboFix 08-08-05.05 - jaqueline 2008-08-08 13:42:02.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.179 [GMT -3:00]

Executando de: C:\Documents and Settings\jaqueline\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))

.

2008-08-06 14:56 . 2008-08-06 14:56 <DIR> d-------- C:\!KillBox

2008-08-06 14:36 . 2008-08-06 14:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-08-06 14:36 . 2008-08-06 14:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-08-06 14:36 . 2008-08-06 14:36 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-06 14:36 . 2008-08-06 14:36 <DIR> d-------- C:\Documents and Settings\jaqueline\Configurações locais

2008-08-06 14:36 . 2008-08-06 14:36 <DIR> d-------- C:\Documents and Settings\alvaro\Configurações locais

2008-08-06 14:36 . 2008-08-06 14:36 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-08-04 17:40 . 2008-08-04 17:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Motorola Shared

2008-08-04 16:27 . 2002-05-10 09:28 57,344 --a------ C:\WINDOWS\system32\vlsp.dll

2008-08-02 01:45 . 2008-08-02 01:46 <DIR> d-------- C:\Arquivos de programas\Acelerador POP

2008-07-09 18:55 . 2008-07-09 18:55 <DIR> d-------- C:\Arquivos de programas\Brasil-Games

2008-07-09 14:50 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-07-09 14:50 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-07-09 14:50 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-07-09 14:50 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-07-09 14:50 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-07-09 14:50 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-07-09 14:50 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll

2008-07-09 14:50 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-07-09 14:50 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-08 16:47 --------- d-----w C:\Documents and Settings\jaqueline\Dados de aplicativos\Orbit

2008-08-08 03:13 --------- d-----w C:\Arquivos de programas\POPDiscador

2008-08-07 03:24 --------- d-----w C:\Documents and Settings\jaqueline\Dados de aplicativos\SlipStream

2008-08-07 03:02 --------- d-----w C:\Documents and Settings\alvaro\Dados de aplicativos\Orbit

2008-08-06 16:09 --------- d-----w C:\Documents and Settings\jaqueline\Dados de aplicativos\the meal date

2008-08-06 15:33 --------- d-----w C:\Arquivos de programas\Capote

2008-08-05 03:02 --------- d-----w C:\Arquivos de programas\UIU

2008-08-05 02:08 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-04 03:50 --------- d-----w C:\Arquivos de programas\Mu DESTINY

2008-08-02 04:37 --------- d-----w C:\Arquivos de programas\Discador Orolix

2008-07-16 16:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\close poke frag ooze

2008-07-04 18:20 --------- d-----w C:\Arquivos de programas\Circle Developement

2008-07-03 20:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 22:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-19 17:42 --------- d-----w C:\Arquivos de programas\the meal date

2008-06-19 17:42 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-06-19 17:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-06-19 17:34 --------- d-----w C:\Arquivos de programas\Windows Live

2008-06-16 15:53 --------- d-----w C:\Arquivos de programas\Badongo

2008-06-15 18:09 --------- d-----w C:\Arquivos de programas\Google

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 12:22 --------- d-----w C:\Arquivos de programas\MP3 Player Utilities 4.00

2008-06-14 00:52 --------- d-----w C:\Arquivos de programas\DeleteHistoryFree

2008-06-13 17:45 --------- d-----w C:\Arquivos de programas\MYMA Decoder and Viewer

2008-06-08 17:54 --------- d-----w C:\Arquivos de programas\Mu Brasil-Games

2007-12-07 15:50 122,293 ----a-w C:\Arquivos de programas\INSTALL.LOG

2006-06-23 17:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

((((((((((((((((((((((((((((( snapshot@2008-08-06_14.35.38.76 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-06 17:32:55 225,187 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin

+ 2008-08-08 16:45:59 225,184 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin

+ 2008-08-08 16:45:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat

- 2008-08-06 17:32:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat

+ 2008-08-08 14:48:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Arquivos de programas\P2P_Energy\tbP2P1.dll" [2008-02-29 09:04 1555480]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

2008-02-29 09:04 1555480 --a------ C:\Arquivos de programas\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Arquivos de programas\P2P_Energy\tbP2P1.dll" [2008-02-29 09:04 1555480]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Arquivos de programas\P2P_Energy\tbP2P1.dll" [2008-02-29 09:04 1555480]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"iBest.baloon"="C:\Arquivos de programas\Discador Geeko\baloon.exe" [2004-07-06 14:53 57344]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2008-02-20 11:33 963072]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DeleteHistoryFree"="C:\Arquivos de programas\DeleteHistoryFree\dhf.exe" [2008-06-13 21:39 205312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 05:03 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01 32768]

"Nero DriveSpeed"="C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2005-04-20 17:46 593920]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 06:11 925696]

"POPDiscador"="C:\Arquivos de programas\POPDiscador\POPDiscador.exe" [2007-07-30 09:52 2040832]

"SlipStream"="C:\Arquivos de programas\Acelerador POP\slipcore.exe" [2006-11-23 16:39 245760]

"MsmqIntCert"="mqrt.dll" [2007-07-06 09:51 177152 C:\WINDOWS\system32\mqrt.dll]

"VTTimer"="VTTimer.exe" [2005-03-08 00:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-11-01 01:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Acelerador POP.lnk - C:\Arquivos de programas\Acelerador POP\slipgui.exe [2008-08-02 01:45:46 159744]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-05-21 19:12:07 1678536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 11:37]

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\jaqueline\Dados de aplicativos\Mozilla\Firefox\Profiles\4n2yvikc.default\

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-08 13:45:48

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execu‡Æo ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\snmp.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Venturi2\Client\VentC.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-08-08 13:49:16 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-08 16:49:10

ComboFix2.txt 2008-08-06 17:36:06

Pre-Run: 18 pasta(s) 46,395,420,672 bytes disponíveis

Post-Run: 20 pasta(s) 46,789,345,280 bytes dispon¡veis

165 --- E O F --- 2008-07-09 18:01:07

Alvaro & Rute · Agosto 8, 2008

Logfile of HijackThis v1.99.1

Scan saved at 13:51:14, on 8/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Venturi2\Client\ventc.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Acelerador POP\slipcore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Discador Geeko\baloon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Acelerador POP\slipgui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe