hakghen

[Archived] Slow PC and Internet connection³


Good morning,

After resolving the Win.32/Virut.5I virus problem, completely cleaning the system and running a deep scan with AVG 8, I discovered another threat, Trojan.Spambot.G, which was apparently consuming 100% of my CPU and Internet bandwidth, leaving the computer almost unusable. AVG managed to remove one of the infected files, tcprs.sys, but it is created again every time I access the Internet.

Below I am posting the HijackThis log; please help me... I have spent 3 days trying to bring my PC back to normal operation =/ Cheers and thanks in advance!

___________

 

Logfile of HijackThis v1.99.1

Scan saved at 11:54, on 2008-11-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador.BLACKPEARL\Desktop\HijackThis.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [WireLessMouse] C:\Arquivos de programas\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvSvc] C:\WINDOWS\system32\nvsvc32.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [openvpn-gui] D:\Arquivos de programas\OpenVPN\bin\openvpn-gui.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - D:\EmailExt\AeeMSIE.dll

O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - D:\EmailExt\AeeMSIE.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: imzxxs - C:\WINDOWS\SYSTEM32\imzxxs.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - D:\eBoostr\EBstrSvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - D:\Arquivos de programas\OpenVPN\bin\openvpnserv.exe

O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - D:\Pinnacle Game Profiler\pinnacle_updater.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: MAXDB: .M760214 (SAP DBTech-.M760214) - SAP AG - D:\sapdb\NSP\db\pgm\kernel.exe

O23 - Service: MAXDB: .M760214 (quick) (SAP DBTech-.M760214 (quick)) - Unknown owner - D:\sapdb\NSP\db\pgm\quickknl.exe (file missing)

O23 - Service: MAXDB: .M760214 (slow) (SAP DBTech-.M760214 (slow)) - Unknown owner - D:\sapdb\NSP\db\pgm\slowknl.exe (file missing)

O23 - Service: MAXDB: .M760214 (omststknl.exe) (SAP DBTech-.M760214 (test)) - Unknown owner - D:\sapdb\NSP\db\pgm\omststknl.exe (file missing)

O23 - Service: MAXDB: NSP (SAP DBTech-NSP) - SAP AG - D:\sapdb\NSP\db\pgm\kernel.exe

O23 - Service: MAXDB: NSP (quick) (SAP DBTech-NSP (quick)) - Unknown owner - D:\sapdb\NSP\db\pgm\quickknl.exe (file missing)

O23 - Service: MAXDB: NSP (slow) (SAP DBTech-NSP (slow)) - Unknown owner - D:\sapdb\NSP\db\pgm\slowknl.exe (file missing)

O23 - Service: MAXDB: NSP (omststknl.exe) (SAP DBTech-NSP (test)) - Unknown owner - D:\sapdb\NSP\db\pgm\omststknl.exe (file missing)

O23 - Service: SAP DB WWW (SAPDBWWW) - Unknown owner - d:\sapdb\programs\web\pgm\wahttp.exe

O23 - Service: SAPNSP_00 - SAP AG - D:\SAP\NSP\SYS\exe\run\sapstartsrv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: XServer - SAP AG - D:\sapdb\programs\pgm\serv.exe

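A triage script for a HijackThis log like the one above, added here as an example; it is not part of the original post and not HijackThis's own code. It parses O3/O20/O23 lines and flags, in order of priority: a Winlogon Notify DLL that is not on a small allowlist (the allowlist, holding only LogMeIn's LMIinit.dll because that product's O23 services appear in the same log, is an assumption for illustration), a service whose display name says "Microsoft" while its owner field does not, and orphaned entries whose file is missing. The six sample lines are copied from the log in the post.

```python
"""Triage a HijackThis 1.99 log: flag the entries a responder should look at first.

Added example for this thread; not part of HijackThis or of the original post.
The sample lines below are copied from the log posted above. The allowlist of
known-good Winlogon Notify DLLs is an assumption made for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: six lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O20 - Winlogon Notify: imzxxs - C:\WINDOWS\SYSTEM32\imzxxs.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Assumed allowlist: Notify DLLs this machine is known to have installed legitimately
# (LogMeIn's LMIinit.dll appears alongside its O23 service entries in the same log).
KNOWN_NOTIFY_DLLS = {"lmiinit.dll"}

# Markers HijackThis appends when the referenced file does not exist on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# O23 body layout: "Service: <display name> - <owner> - <image path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O20 body layout: "Winlogon Notify: <registry key> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high" or "low"
    reason: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for one HijackThis log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    findings: list[Finding] = []
    missing = any(body.endswith(mk) for mk in MISSING_MARKERS)

    if sec == "O20":
        n = NOTIFY_RE.match(body)
        dll = n.group("path").rsplit("\\", 1)[-1].lower() if n else ""
        if dll not in KNOWN_NOTIFY_DLLS:
            findings.append(Finding(sec, "high",
                "Winlogon Notify DLL not on allowlist: it loads into winlogon.exe as "
                "SYSTEM before any user logs on, a classic persistence point", line))
    elif sec == "O23":
        s = SERVICE_RE.match(body)
        if s:
            name, owner = s.group("name"), s.group("owner")
            if "microsoft" in name.lower() and "microsoft" not in owner.lower():
                findings.append(Finding(sec, "high",
                    "Microsoft-branded service name with a non-Microsoft owner: "
                    "likely impersonation", line))
            if owner == "Unknown owner" and missing:
                findings.append(Finding(sec, "low",
                    "orphaned service: binary absent and no publisher; delete the "
                    "registration so it cannot be re-pointed at a new payload", line))
    elif missing:
        findings.append(Finding(sec, "low",
                        "orphaned entry referencing a missing file", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Triage a whole log, high-severity findings first, then by section."""
    out = [f for ln in text.splitlines() for f in triage_line(ln)]
    return sorted(out, key=lambda f: (f.severity != "high", f.section))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}\n        {f.line.strip()}")
```

Run as-is it prints five findings for the sample; for a real log pass the file contents to triage_log(). The script cannot decide whether an unknown-owner entry is malicious (the rpcapd entry here points at WinPcap's remote-capture daemon); it only orders what a responder should inspect first, and the allowlist must be maintained per machine.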

Hey hakghen,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “SOFTWARE WARRANTY DISCLAIMER” window will open. Read the text in this window carefully and click “YES” to continue.

PS: If you do not agree with the terms, click “NO” to exit the software, bearing in mind that disinfection will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, because this ensures that the system can be recovered if problems occur during the scan.

Click “YES” and wait; the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA.

When the Recovery Console installation finishes, a window will open saying “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

Click “YES” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or kill the process abruptly while the tool is running, since this will mess up your desktop configuration (it will go completely white).

When the process finishes, the machine will reboot to produce the report.

6) After the reboot, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window gets clicked, it will MAXIMIZE and sit on top of the other windows. To minimize it again, just use ALT + TAB.

Regards.


Below is the ComboFix log... Oh, and one more thing: every time I boot there is an error in svchost (about memory not being able to be "written") and in Generic Host Process for Win32...

Thanks in advance for the help and attention ;)

_______

 

ComboFix 08-11-03.03 - André 2008-11-04 0:40:01.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.577 [GMT -2:00]

Running from: c:\documents and settings\André\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\André\Dados de aplicativos\inst.exe

c:\windows\system32\drivers\tcpsr.sys

.

---- Previous Run -------

.

c:\documents and settings\Sonia\Dados de aplicativos\Microsoft\dtsc

c:\documents and settings\Sonia\Dados de aplicativos\Microsoft\dtsc\s

c:\windows\IE4 Error Log.txt

c:\windows\msnimport.exe

c:\windows\system32\5.tmp

c:\windows\system32\drivers\tcpsr.sys

c:\windows\system32\imzxxs.dll

c:\windows\system32\Setup_ver1.1351.25.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FCI

-------\Legacy_NPF

-------\Legacy_OREANS32

-------\Legacy_TCPSR

-------\Service_FCI

-------\Service_ICF

-------\Service_NPF

-------\Service_oreans32

-------\Service_tcpsr

-------\Service_tcpsr

 

 

(((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 ))))))))))))))))))))))))))))

.

 

2008-11-02 13:23 . 2008-11-02 13:23 <DIR> d-------- c:\documents and settings\André\DoctorWeb

2008-11-02 13:23 . 2008-11-02 13:23 <DIR> d-------- c:\documents and settings\André\DoctorWeb

2008-11-02 12:21 . 2008-11-02 12:25 <DIR> d-------- c:\documents and settings\Administrador.BLACKPEARL\DoctorWeb

2008-11-02 12:21 . 2008-11-02 12:26 <DIR> d-------- c:\arquivos de programas\Windows Live Safety Center

2008-11-02 12:18 . 2008-11-02 12:18 <DIR> d---s---- c:\documents and settings\Administrador.BLACKPEARL\UserData

2008-11-02 12:13 . 2008-11-02 12:22 <DIR> d-------- c:\documents and settings\Administrador.BLACKPEARL\.jSMS

2008-11-02 11:48 . 2008-06-14 15:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2008-11-02 11:48 . 2008-06-14 15:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-11-02 01:06 . 2008-11-02 15:01 <DIR> d--h----- C:\$AVG8.VAULT$

2008-11-02 00:43 . 2008-11-02 20:26 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-02 00:35 . 2008-11-02 23:24 <DIR> d-------- c:\windows\system32\drivers\Avg

2008-11-02 00:35 . 2008-11-02 00:35 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2008-11-02 00:35 . 2008-11-02 00:35 <DIR> d-------- c:\arquivos de programas\AVG

2008-11-02 00:35 . 2008-11-02 00:35 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys

2008-11-02 00:35 . 2008-11-02 00:35 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys

2008-11-02 00:35 . 2008-11-02 00:35 10,520 --a------ c:\windows\system32\avgrsstx.dll

2008-11-01 23:48 . 2008-11-04 00:47 32,768 --a------ c:\windows\system32\drivers\ati4msxx.sys

2008-11-01 10:21 . 2008-11-01 10:21 88 --a------ c:\windows\system32\3.tmp

2008-11-01 10:21 . 2008-11-01 10:21 18 --a------ c:\windows\system32\7.tmp

2008-11-01 01:23 . 2008-11-01 01:23 <DIR> d-------- c:\documents and settings\Administrador.BLACKPEARL.000\Contacts

2008-11-01 01:20 . 2008-11-01 01:20 <DIR> d-------- c:\windows\NV488880.TMP

2008-11-01 01:20 . 2008-11-01 01:20 <DIR> d-------- c:\documents and settings\NetworkService.AUTORIDADE NT\Dados de aplicativos

2008-11-01 01:20 . 2008-11-02 11:31 <DIR> d--h----- c:\documents and settings\NetworkService.AUTORIDADE NT\Configurações locais

2008-11-01 01:20 . 2008-11-01 01:20 <DIR> d--hs---- c:\documents and settings\NetworkService.AUTORIDADE NT

2008-11-01 01:20 . 2008-11-01 01:20 <DIR> d-------- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos

2008-11-01 01:20 . 2008-11-02 11:30 <DIR> d--h----- c:\documents and settings\LocalService.AUTORIDADE NT\Configurações locais

2008-11-01 01:20 . 2008-11-01 01:20 <DIR> d--hs---- c:\documents and settings\LocalService.AUTORIDADE NT

2008-11-01 01:20 . 2007-04-23 22:18 <DIR> d--h----- c:\documents and settings\Administrador.BLACKPEARL.000\Modelos

2008-11-01 01:20 . 2008-11-01 01:23 <DIR> dr------- c:\documents and settings\Administrador.BLACKPEARL.000\Meus documentos

2008-11-01 01:20 . 2006-03-25 20:26 <DIR> dr------- c:\documents and settings\Administrador.BLACKPEARL.000\Menu Iniciar

2008-11-01 01:20 . 2008-11-01 01:22 <DIR> dr------- c:\documents and settings\Administrador.BLACKPEARL.000\Favoritos

2008-11-01 01:20 . 2008-11-01 01:22 <DIR> dr-h----- c:\documents and settings\Administrador.BLACKPEARL.000\Dados de aplicativos

2008-11-01 01:20 . 2008-11-01 01:22 <DIR> d--h----- c:\documents and settings\Administrador.BLACKPEARL.000\Configurações locais

2008-11-01 01:20 . 2008-04-22 09:01 <DIR> d-------- c:\documents and settings\Administrador.BLACKPEARL.000\Configuraþ§es locais

2008-11-01 01:20 . 2006-03-25 20:26 <DIR> d--h----- c:\documents and settings\Administrador.BLACKPEARL.000\Ambiente de rede

2008-11-01 01:20 . 2006-03-25 20:26 <DIR> d--h----- c:\documents and settings\Administrador.BLACKPEARL.000\Ambiente de impressão

2008-11-01 01:20 . 2008-11-01 01:23 <DIR> d-------- c:\documents and settings\Administrador.BLACKPEARL.000

2008-10-31 22:54 . 2008-10-31 22:54 <DIR> d-------- c:\documents and settings\Administrador.BLACKPEARL\Dados de aplicativos\Ahead

2008-10-31 22:11 . 2008-11-01 01:33 <DIR> d-------- c:\windows\tmp

2008-10-31 20:15 . 2008-10-31 20:15 <DIR> d-------- c:\documents and settings\Administrador.BLACKPEARL\Dados de aplicativos\Media Player Classic

2008-10-31 13:23 . 2008-11-01 00:43 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData

2008-10-31 13:21 . 2008-10-31 13:21 18 --a------ c:\windows\system32\4.tmp

2008-10-31 12:17 . 2008-11-01 00:43 <DIR> d-------- C:\RMVirut

2008-10-31 11:56 . 2008-11-01 00:35 <DIR> d-------- c:\documents and settings\André\Dados de aplicativos\Babylon

2008-10-26 15:18 . 2008-10-27 01:46 <DIR> d-------- c:\windows\NV38282360.TMP

2008-10-26 15:18 . 2008-10-07 14:33 201,157 --a------ c:\windows\system32\nvapps.nvb

2008-10-26 12:58 . 2008-10-26 13:00 <DIR> d-------- c:\arquivos de programas\SystemRequirementsLab

2008-10-20 13:40 . 2008-10-20 13:40 664 --a------ c:\windows\system32\d3d9caps.dat

2008-10-12 12:19 . 2008-10-12 12:20 <DIR> d-------- c:\documents and settings\André\Dados de aplicativos\SPORE

2008-10-09 13:43 . 2008-10-09 13:43 54,156 --ah----- c:\windows\QTFont.qfn

2008-10-09 13:43 . 2008-10-09 13:43 1,409 --a------ c:\windows\QTFont.for

2008-10-08 15:59 . 2008-10-08 15:59 <DIR> d-------- c:\documents and settings\Luiz\Dados de aplicativos\Nokia

2008-10-07 14:33 . 2008-10-07 14:33 1,368,064 --a------ c:\windows\system32\nvcuda.dll

2008-10-06 01:43 . 2008-10-06 01:43 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-10-06 01:40 . 2008-10-06 01:40 <DIR> d-------- c:\arquivos de programas\PC Connectivity Solution

2008-10-06 01:40 . 2008-10-06 01:40 <DIR> d-------- c:\arquivos de programas\DIFX

2008-10-06 01:40 . 2007-09-17 16:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-10-06 01:03 . 2008-10-06 01:03 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-10-06 01:01 . 2008-10-06 01:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2008-10-06 00:58 . 2008-05-07 08:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2008-10-06 00:58 . 2008-05-07 08:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2008-10-06 00:58 . 2008-05-07 08:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys

2008-10-06 00:58 . 2008-05-07 08:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2008-10-06 00:58 . 2008-06-06 10:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2008-10-06 00:57 . 2008-02-01 17:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys

2008-10-06 00:57 . 2008-02-01 17:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys

2008-10-04 18:54 . 2008-10-04 18:54 <DIR> d--h----- c:\windows\system32\GroupPolicy

2008-10-04 17:47 . 2008-04-22 11:57 186,463 --a------ C:\wubildr

2008-10-04 17:47 . 2008-04-22 11:57 8,192 --a------ C:\wubildr.mbr

2008-10-04 15:27 . 2001-07-13 14:56 14,976 --a------ c:\windows\system32\drivers\SBKUPNT.SYS

2008-10-04 15:27 . 1997-02-08 18:11 13,312 --a------ c:\windows\system32\DEVLOAD.EXE

2008-10-04 15:27 . 2005-11-26 20:45 2,799 --a------ c:\windows\SKLANG.INI

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-04 02:47 --------- d-----w c:\arquivos de programas\LogMeIn

2008-11-04 02:10 --------- d-----w c:\arquivos de programas\Paint.NET

2008-11-02 15:33 --------- d-----w c:\arquivos de programas\Arquivos comuns\SAP Shared

2008-11-02 13:22 14,336 ----a-w c:\windows\system32\svchost.exe

2008-11-02 03:06 --------- d-----w c:\arquivos de programas\GameSpy Arcade

2008-11-02 02:52 --------- d-----w c:\arquivos de programas\ESET

2008-11-01 02:45 --------- d-----w c:\arquivos de programas\Arquivos comuns\Tweak Marketing

2008-10-31 13:42 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\eboostr

2008-10-25 03:16 --------- d-----w c:\documents and settings\André\Dados de aplicativos\Vso

2008-10-22 15:05 --------- d-----w c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment

2008-10-17 15:58 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-12 14:07 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-09 17:19 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-10-08 02:35 --------- d-----w c:\documents and settings\André\Dados de aplicativos\PC Suite

2008-10-06 03:45 --------- d-----w c:\documents and settings\André\Dados de aplicativos\Nokia

2008-10-06 03:43 --------- d-----w c:\arquivos de programas\Nokia

2008-10-06 03:43 --------- d-----w c:\arquivos de programas\Arquivos comuns\Nokia

2008-10-06 03:39 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-10-02 13:07 453,152 -c--a-w c:\windows\system32\NVUNINST.EXE

2008-09-24 12:30 --------- d-----w c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2008-09-24 12:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-09-23 02:55 --------- d-----w c:\documents and settings\André\Dados de aplicativos\PHP Designer 2007

2008-09-19 21:54 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-09-19 21:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-19 21:53 --------- d-----w c:\arquivos de programas\IrfanView

2008-09-19 21:49 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-09-19 21:49 --------- d-----w c:\arquivos de programas\Motorola Phone Tools

2008-09-18 16:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-09-18 14:46 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-09-18 14:46 47,360 ----a-w c:\documents and settings\André\Dados de aplicativos\pcouffin.sys

2008-09-18 14:46 --------- d-----w c:\arquivos de programas\VSO

2008-09-17 16:52 --------- d-----w c:\documents and settings\Luiz\Dados de aplicativos\Nokia Multimedia Player

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-07 15:40 --------- d-----w c:\arquivos de programas\DVD Shrink

2008-09-07 03:48 --------- d-----w c:\documents and settings\André\Dados de aplicativos\Camfrog

2008-09-06 03:53 --------- d-----w c:\documents and settings\André\Dados de aplicativos\Skype

2008-09-05 13:45 --------- d-----w c:\arquivos de programas\MegauploadToolbar

2008-09-05 13:26 3,010 -c--a-w c:\windows\system32\tmp.reg

2008-09-05 13:06 --------- d-----w c:\arquivos de programas\PremierOpinion

2008-09-05 03:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2008-09-05 02:52 --------- d-----w c:\documents and settings\Ana\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-09-04 21:37 --------- d-----w c:\documents and settings\Luiz\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-09-04 20:57 --------- d-----w c:\documents and settings\Sonia\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-09-04 20:54 --------- d-----w c:\arquivos de programas\uTorrent

2008-08-24 18:10 230,432 ----a-w C:\StiImg.dat

2007-11-27 12:42 24,192 -c--a-w c:\documents and settings\André\usbsermptxp.sys

2007-11-27 12:42 24,192 -c--a-w c:\documents and settings\André\usbsermptxp.sys

2007-11-27 12:42 22,768 -c--a-w c:\documents and settings\André\usbsermpt.sys

2007-11-27 12:42 22,768 -c--a-w c:\documents and settings\André\usbsermpt.sys

2003-09-16 04:19 99,328 -c--a-w c:\windows\inf\virprn.exe

2003-09-16 04:19 90,624 -c--a-w c:\windows\inf\prtproc.dll

2003-09-16 04:19 18,950 -c--a-w c:\windows\inf\virpntd.dll

2003-09-16 04:19 10,240 -c--a-w c:\windows\inf\virport.dll

2007-05-22 22:14 8,784 -c--a-w c:\arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll

2007-05-22 22:17 245,408 -c--a-w c:\arquivos de programas\mozilla firefox\plugins\unicows.dll

2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll

2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll

.

 

------- Sigcheck -------

 

2004-08-04 01:45 1034240 d3b615eef3f1d05f070a4bd71b2606c0 c:\windows\explorer.exe

2008-04-14 00:20 1035776 064ec7ff5f58b928c3e119402977fa6d c:\windows\SoftwareDistribution\Download\2a60e602cf3ad9f8995c50d6eb232bb8\explorer.exe

2004-08-04 01:45 1034240 d3b615eef3f1d05f070a4bd71b2606c0 c:\windows\system32\dllcache\explorer.exe

 

2008-04-14 00:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f c:\windows\SoftwareDistribution\Download\2a60e602cf3ad9f8995c50d6eb232bb8\ctfmon.exe

2004-08-04 01:45 15360 31d796a4f455d9342eaa3ce8561ce345 c:\windows\system32\ctfmon.exe

2004-08-04 01:45 15360 31d796a4f455d9342eaa3ce8561ce345 c:\windows\system32\dllcache\ctfmon.exe

 

2008-04-14 00:21 57856 af1d9ae15c11163f576df6ed6194b53c c:\windows\SoftwareDistribution\Download\2a60e602cf3ad9f8995c50d6eb232bb8\spoolsv.exe

2004-08-04 01:45 57856 696bde6ae3077d47fc77d8536787ce51 c:\windows\system32\spoolsv.exe

2004-08-04 01:45 57856 696bde6ae3077d47fc77d8536787ce51 c:\windows\system32\dllcache\spoolsv.exe

 

2008-04-14 00:21 26112 a7ea40f680163808d96f89b4ff991876 c:\windows\SoftwareDistribution\Download\2a60e602cf3ad9f8995c50d6eb232bb8\userinit.exe

2004-08-04 01:45 24576 9764caddc4d815c85b771a8ae36f35a7 c:\windows\system32\userinit.exe

2004-08-04 01:45 24576 9764caddc4d815c85b771a8ae36f35a7 c:\windows\system32\dllcache\userinit.exe

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"STYLEXP"="c:\arquivos de programas\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 1368064]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-07-02 495616]

"Rainlendar2"="d:\arquivos de programas\Rainlendar\Rainlendar2.exe" [2007-04-01 1290240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"IntelliPoint"="c:\arquivos de programas\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"WireLessMouse"="c:\arquivos de programas\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

"Adobe Acrobat Speed Launcher"="d:\arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="d:\arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-11-02 1235736]

"openvpn-gui"="d:\arquivos de programas\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoCloseDragDropBands"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoBandCustomize"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\\Arquivos de programas\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2007-11-15 18:46 87352 c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"msacm.imc"= imc32.acm

"SENTINEL"= snti386.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4msxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8xexx.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Service Manager.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^André^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=c:\documents and settings\André\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-03-12 14:49 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

--a--c--- 2007-09-12 11:20 63048 c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 12:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-10-07 14:33 13574144 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-10-07 14:33 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-08-06 22:05 200704 d:\arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QveCtl2Tray]

--a--c--- 2003-09-20 12:41 720896 c:\arquivos de programas\Philips\Sound Agent 2\mc500cpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]

--a--c--- 2008-09-03 04:58 763544 c:\sdfix\SDFix\RunThis.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]

--a--c--- 2007-06-08 13:47 37760 c:\arquivos de programas\Slide\Slide.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r---c--- 2005-05-03 08:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-10-07 14:33 1630208 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r---c--- 2006-06-13 10:05 16240640 c:\windows\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\utorrent.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Messenger\\YServer.exe"=

"d:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"d:\\ICQ\\ICQ6\\ICQ.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\André\\Meus documentos\\jsms.exe"=

"d:\\RED FACTION\\rf.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12038:TCP"= 12038:TCP:BitComet 12038 TCP

"12038:UDP"= 12038:UDP:BitComet 12038 UDP

 

R0 ati4msxx;ati4msxx;c:\windows\system32\Drivers\ati4msxx.sys [2008-11-04 32768]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-02 98440]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-02 90632]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2008-11-02 874776]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-11-02 231704]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-09-12 12992]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]

R2 SAP DBTech-NSP;MAXDB: NSP;d:\sapdb\NSP\db\pgm\kernel.exe [2007-05-25 7090176]

R2 SAPNSP_00;SAPNSP_00;d:\sap\NSP\SYS\exe\run\sapstartsrv.exe pf=d:\sap\NSP\SYS\profile\START_DVEBMGS00_blackpearl [ ]

R2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]

R2 UacFlt;Philips Composite Class Filter Driver;c:\windows\system32\DRIVERS\uacbflt.sys [2003-07-16 15104]

R2 XServer;XServer;d:\sapdb\programs\pgm\serv.exe [2007-05-25 483328]

R3 PAC207;VideoCAM GF112;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]

R3 psa500;Sound Agent 2 for Audio Set (WDM);c:\windows\system32\drivers\psa500.sys [2003-09-20 414976]

R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\DRIVERS\QsndEnum.sys [2003-08-02 16256]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-27 21920]

R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-11-12 26112]

S0 ati8xexx;ati8xexx;c:\windows\system32\Drivers\ati8xexx.sys [ ]

S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [ ]

S2 EBOOSTRSVC;eBoostr Service;d:\eboostr\EBstrSvc.exe [ ]

S2 Microsoft System Management;Microsoft System Management;c:\windows\system32\system.exe [ ]

S2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]

S3 bfastfao;bfastfao;c:\docume~1\ANDR~1\CONFIG~1\Temp\bfastfao.sys [ ]

S3 DAEDriver54;DAEDriver54;c:\documents and settings\André\Desktop\dak32.sys [ ]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2006-12-14 40832]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 Revolution1;Revolution1;c:\documents and settings\André\Desktop\SHAK3.sys [ ]

S3 SAP DBTech-.M760214 (quick);MAXDB: .M760214 (quick);d:\sapdb\NSP\db\pgm\quickknl.exe [ ]

S3 SAP DBTech-.M760214 (slow);MAXDB: .M760214 (slow);d:\sapdb\NSP\db\pgm\slowknl.exe [ ]

S3 SAP DBTech-.M760214 (test);MAXDB: .M760214 (omststknl.exe);d:\sapdb\NSP\db\pgm\omststknl.exe [ ]

S3 SAP DBTech-.M760214;MAXDB: .M760214;d:\sapdb\NSP\db\pgm\kernel.exe [2007-05-25 7090176]

S3 SAP DBTech-NSP (quick);MAXDB: NSP (quick);d:\sapdb\NSP\db\pgm\quickknl.exe [ ]

S3 SAP DBTech-NSP (slow);MAXDB: NSP (slow);d:\sapdb\NSP\db\pgm\slowknl.exe [ ]

S3 SAP DBTech-NSP (test);MAXDB: NSP (omststknl.exe);d:\sapdb\NSP\db\pgm\omststknl.exe [ ]

S3 SAPDBWWW;SAP DB WWW;d:\sapdb\programs\web\pgm\wahttp.exe [2006-07-06 815104]

S3 tcpsr;tcpsr;c:\windows\System32\drivers\tcpsr.sys [ ]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-11-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1181679665.job

- c:\arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 21:38]

 

2008-11-04 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Luiz\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKU-Default-Run-Nokia.PCSync - c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

MSConfigStartUp-googletalk - c:\arquivos de programas\Google\Google Talk\googletalk.exe

MSConfigStartUp-Load - c:\windows\svchost.exe

MSConfigStartUp-Microsoft WinUpdate - c:\windows\system32\msupdte.exe

MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe

MSConfigStartUp-Pinnacle Game Profiler - d:\pinnacle\pinnacle.exe

MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe

MSConfigStartUp-SpyHunter Security Suite - c:\arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe

MSConfigStartUp-WatchDog - d:\mobile phonetools\WatchDog.exe

MSConfigStartUp-YOJV Agent - c:\windows\system32\28463\YOJV.exe

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\kog3s3pr.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orkut.com/

FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\NPBILLARD8.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npRACtrl.dll

FF -: plugin - c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - c:\arquivos de programas\Yahoo!\Shared\npYState.dll

FF -: plugin - c:\documents and settings\André\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.25\npGoogleOneClick6.dll

FF -: plugin - c:\documents and settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\kog3s3pr.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-04 00:49:25

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

c:\arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\arquivos de programas\LogMeIn\x86\ramaint.exe

c:\arquivos de programas\LogMeIn\x86\LogMeIn.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

d:\sap\NSP\SYS\exe\run\sapstartsrv.exe

c:\windows\system32\PAStiSvc.exe

c:\arquivos de programas\Multimedia Mouse Driver\MouseDrv.exe

c:\windows\system32\rundll32.exe

d:\sapdb\programs\pgm\dbmcli.exe

d:\sapdb\NSP\db\pgm\dbmsrv.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-04 1:10:39 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-04 03:09:56

ComboFix2.txt 2008-04-22 11:01:46

 

Pré-execução: 24 pasta(s) 27,285,168,128 bytes disponíveis

Pós execução: 24 pasta(s) 27,178,926,080 bytes disponíveis

 

403 --- E O F --- 2008-11-03 05:05:01


Hey hakghen,

Post a new ComboFix log.

Regards.

PS: Sorry for the delay, time has been short. :(


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
