julinano, posted March 9, 2009

Good evening everyone, I'm having problems with my machine and would appreciate some help if possible. The log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:46, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\msrsys32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
D:\Meus Documentos\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxymo.sociesc.com.br:3128
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {782ff274-abfa-4c66-b7c7-5cac5249e2fd} - c:\windows\system32\lvkrtnd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: adojongq - C:\WINDOWS\SYSTEM32\lvkrtnd.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Network Monitor service (MSNETDED) - Unknown owner - C:\WINDOWS\system\svhost.exe (file missing)
O23 - Service: MSR System Service (msrsys) - Unknown owner - C:\WINDOWS\system\msrsys32.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 4440 bytes

Thanks!
Silas Martins, posted March 9, 2009

Download ComboFix at: ComboFix

1) Temporarily disable your anti-virus;
2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);
3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue. PS: if you do not agree with the terms, click "NO" to exit the software, bearing in mind that disinfection will not be possible without continuing with ComboFix.
4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, since that guarantees the system can be recovered if problems occur during the scan. Click "YES" and wait; the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient. When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA license. When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY". Click "YES" to continue the scan.
5) ComboFix will start the AUTOSCAN (wait). ATTENTION: do not click on the ComboFix window or end the process abruptly while the tool is running, since that will mess up your desktop configuration (it will go completely white). At the end of the process the machine will be restarted to produce the report.
6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.
7) Re-enable your anti-virus;
8) I need you to paste the contents of ComboFix.txt and a new HijackThis log in your next reply.

NOTE 1: if a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: if the running ComboFix window is clicked, it will MAXIMIZE on top of the other windows. To minimize it again, just use the ALT + TAB combination.

Awaiting your reply
julinano, posted March 9, 2009

Here is the ComboFix log:

ComboFix 09-03-06.02 - Administrador 2009-03-09 11:02:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1790.1358 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning enabled* (Updated)
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\067.exe
c:\windows\system32\504.exe
c:\windows\system32\554.exe
c:\windows\system32\624.exe
c:\windows\system32\643587.exe
c:\windows\system32\crypts.dll
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\lvkrtnd.dll
c:\windows\system32\UACgwvbrbua.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACotfsmlam.log
c:\windows\Temp\12.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ayhdtxtt
-------\Legacy_GBPSV
-------\Legacy_icf
-------\Legacy_SYSDRV32
-------\Legacy_UACD.SYS
-------\Service_ayhdtxtt
-------\Service_GbpSv
-------\Service_sysdrv32
-------\Service_uacd.sys


(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-09 to 2009-03-09 ))))))))))))))))))))))))))))
.

2070-01-01 07:58 . 2070-01-01 07:58 <DIR> d-------- c:\arquivos de programas\CCleaner
2070-01-01 06:29 . 2070-01-01 06:29 <DIR> d-------- c:\arquivos de programas\Alwil Software
2070-01-01 06:24 . 2070-01-01 06:24 <DIR> d-------- C:\!KillBox
2069-12-31 22:36 . 2009-03-08 23:53 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP
2069-12-31 22:35 . 2069-12-31 22:35 102,409 --a------ c:\windows\system32\msvcrt2.dll
2069-12-31 22:26 . 2069-12-31 22:26 89 --a------ c:\windows\wininit.ini
2009-03-08 16:58 . 2009-03-08 16:58 2 --a------ C:\-199094231
2009-03-06 23:33 .
2006-04-20 16:02 208,000 --a------ c:\windows\system32\drivers\HSFHWAZL.sys
2009-03-01 10:37 . 2006-04-20 11:55 145,584 --a------ c:\windows\system32\drivers\HSFProf.cty
2009-03-01 10:37 . 2006-03-16 17:06 118,784 --a------ c:\windows\system32\UCI32105.dll
2009-03-01 10:37 . 2006-02-15 11:57 86,016 --a------ c:\windows\system32\mdmxsdk.dll
2009-03-01 10:37 . 2006-07-13 10:33 74,752 --a------ c:\windows\system32\drivers\ESM7SK.sys
2009-03-01 10:37 . 2006-08-25 16:33 61,824 --a------ c:\windows\system32\drivers\EMS7SK.sys
2009-03-01 10:37 . 2006-08-22 10:11 40,064 --a------ c:\windows\system32\drivers\ESD7SK.sys
2009-03-01 10:37 . 2006-02-15 11:57 12,672 --a------ c:\windows\system32\drivers\mdmxsdk.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 19:58 14,336 ----a-w c:\windows\system32\svchost.exe
2009-03-01 15:14 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-02-28 20:27 --------- d-----w c:\arquivos de programas\microsoft frontpage
2009-02-28 20:25 --------- d-----w c:\arquivos de programas\Serviços on-line
2009-02-28 20:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 c:\windows\SkyTel.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2008-09-26 378792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginAbn]
2008-09-26 20:26 378792 c:\arquiv~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSNETDED]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msrsys]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Mozillacorp"=c:\windows\system32\system.exe
"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"googletalk"=c:\arquivos de programas\Google\Google Talk\googletalk.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system\\msrsys32.exe"=

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-08 114768]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-08 20560]
S1 d4a6b76a;d4a6b76a;c:\windows\system32\drivers\d4a6b76a.sys --> c:\windows\system32\drivers\d4a6b76a.sys [?]
S2 MSNETDED;Network Monitor service;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
S2 msrsys;MSR System Service;c:\windows\system\msrsys32.exe [2069-12-31 995328]
UnknownUnknown GbpSv;GbpSv; [x]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1275210071-839522115-500.job
- c:\documents and settings\Administrador\Configura []
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{782ff274-abfa-4c66-b7c7-5cac5249e2fd} - c:\windows\system32\lvkrtnd.dll
Notify-adojongq - (no file)
SafeBoot-msile

.
------- Scan Suplementar -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = proxymo.sociesc.com.br:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\u375780p.default\
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 11:04:53
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]
"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\arquiv~1\GbPlugin\gbiehabn.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\RtkBtMnt.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-03-09 11:06:32 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-03-09 14:06:29

Pré-execução: 10 pasta(s) 15.158.075.392 bytes disponíveis
Pós execução: 10 pasta(s) 15,147,409,408 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

253
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Below is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:24, on 9/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\RtkBtMnt.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxymo.sociesc.com.br:3128
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner (avast! web scanner) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: Network Monitor service (MSNETDED) - Unknown owner - C:\WINDOWS\system\svhost.exe (file missing)
O23 - Service: MSR System Service (msrsys) - Unknown owner - C:\WINDOWS\system\msrsys32.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
Silas Martins, posted March 9, 2009

Copy all of the content quoted below and paste it into Notepad. Save the file on your desktop with the name: CFScript.txt

File::
c:\WINDOWS\system\msrsys32.exe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSNETDED]
@="Service"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msrsys]
@="Service"

Drag CFScript.txt onto the ComboFix icon, as in the illustration below:

Accept the prompt that should appear to run ComboFix.

NOTE: drag the CFScript onto the icon until the (small) ComboFix window appears.

When it finishes, post the ComboFix.txt together with a new HijackThis log.

Note: run this with your USB flash drive connected to the PC.

Awaiting your reply
julinano, posted March 10, 2009

Here is the new log:

ComboFix 09-03-10.01 - Administrador 2009-03-10 19:19:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1790.1295 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090310-0] *On-access scanning enabled* (Updated)
* Criado um novo ponto de restauro

FILE ::
c:\windows\system\msrsys32.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
F:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GBPSV
-------\Service_GbpSv


(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))
.

2070-01-01 07:58 . 2070-01-01 07:58 <DIR> d-------- c:\arquivos de programas\CCleaner
2070-01-01 06:29 . 2070-01-01 06:29 <DIR> d-------- c:\arquivos de programas\Alwil Software
2070-01-01 06:24 . 2070-01-01 06:24 <DIR> d-------- C:\!KillBox
2069-12-31 22:36 . 2009-03-08 23:53 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP
2069-12-31 22:35 . 2069-12-31 22:35 102,409 --a------ c:\windows\system32\msvcrt2.dll
2069-12-31 22:26 . 2069-12-31 22:26 89 --a------ c:\windows\wininit.ini
2009-03-10 16:46 . 2006-08-16 11:21 135,168 --a------ c:\windows\system32\RtlCPAPI.dll
2009-03-10 16:46 . 2006-08-16 11:20 69,632 --a------ c:\windows\Alcmtr.exe
2009-03-09 12:18 . 2009-03-09 12:18 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\HP
2009-03-09 12:17 . 2009-03-09 12:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WEBREG
2009-03-09 12:16 . 2009-03-09 12:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY
2009-03-09 12:16 .
2007-03-07 20:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys 2009-03-01 11:08 . 2007-03-07 20:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys 2009-03-01 11:06 . 2009-03-01 11:06 <DIR> d-------- c:\windows\system32\Lang 2009-03-01 11:06 . 2009-03-01 11:06 940,794 --a------ c:\windows\system32\LoopyMusic.wav 2009-03-01 11:06 . 2009-03-01 11:06 146,650 --a------ c:\windows\system32\BuzzingBee.wav 2009-03-01 11:05 . 2004-08-03 23:15 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys 2009-03-01 11:05 . 2004-08-03 23:15 82,944 --a--c--- c:\windows\system32\dllcache\wdmaud.sys 2009-03-01 11:05 . 2001-08-17 22:00 54,272 --a------ c:\windows\system32\drivers\swmidi.sys 2009-03-01 11:05 . 2001-08-17 22:00 54,272 --a--c--- c:\windows\system32\dllcache\swmidi.sys 2009-03-01 11:05 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys 2009-03-01 11:05 . 2004-08-03 23:07 52,864 --a--c--- c:\windows\system32\dllcache\dmusic.sys 2009-03-01 11:05 . 2006-08-16 11:20 40,960 --a------ c:\windows\system32\ChCfg.exe 2009-03-01 11:05 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys 2009-03-01 11:05 . 2004-08-03 23:07 6,400 --a--c--- c:\windows\system32\dllcache\splitter.sys 2009-03-01 11:04 . 2009-03-10 16:46 <DIR> d-------- c:\arquivos de programas\Realtek 2009-03-01 11:02 . 2009-03-01 11:02 <DIR> d-------- c:\arquivos de programas\CONEXANT 2009-03-01 10:56 . 2009-03-01 10:56 <DIR> d-------- c:\arquivos de programas\ATI Technologies 2009-03-01 10:54 . 2009-03-09 12:11 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-03-01 10:54 . 2009-03-01 10:54 <DIR> d-------- c:\arquivos de programas\DIFX 2009-03-01 10:54 . 2004-02-13 13:49 356,352 --a------ c:\windows\EMCRI.dll 2009-03-01 10:54 . 2006-06-18 23:37 43,520 --a------ c:\windows\system32\drivers\AmdK8.sys 2009-03-01 10:53 . 2009-03-10 16:46 <DIR> d-------- c:\windows\system32\RTCOM 2009-03-01 10:53 . 
2004-08-04 00:45 130,048 --a------ c:\windows\system32\ksproxy.ax 2009-03-01 10:53 . 2004-08-04 00:45 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax 2009-03-01 10:53 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys 2009-03-01 10:53 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys 2009-03-01 10:53 . 2004-11-18 10:42 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-03-01 10:53 . 2004-08-04 00:45 4,096 --a------ c:\windows\system32\ksuser.dll 2009-03-01 10:53 . 2004-08-04 00:45 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll 2009-03-01 10:52 . 2006-08-16 11:23 16,248,320 --a------ c:\windows\RTHDCPL.exe 2009-03-01 10:52 . 2006-08-16 11:22 9,709,568 --a------ c:\windows\RTLCPL.exe 2009-03-01 10:52 . 2006-08-16 11:21 4,304,384 --a------ c:\windows\system32\drivers\RtkHDAud.Sys 2009-03-01 10:52 . 2006-08-16 11:21 2,879,488 --a------ c:\windows\SkyTel.exe 2009-03-01 10:52 . 2006-08-16 11:20 2,808,832 --a------ c:\windows\alcwzrd.exe 2009-03-01 10:52 . 2006-08-16 11:21 2,158,592 --a------ c:\windows\MicCal.exe 2009-03-01 10:52 . 2006-08-16 11:21 364,544 --a------ c:\windows\RtlUpd.exe 2009-03-01 10:52 . 2006-08-16 11:20 299,008 --a------ c:\windows\system32\ALSndMgr.Cpl 2009-03-01 10:52 . 2006-08-16 11:21 266,240 --a------ c:\windows\system32\RTSndMgr.Cpl 2009-03-01 10:52 . 2006-08-16 11:21 86,016 --a------ c:\windows\SoundMan.exe 2009-03-01 10:50 . 2009-03-06 23:33 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information 2009-03-01 10:50 . 2009-03-01 10:50 <DIR> d-------- c:\arquivos de programas\Atheros 2009-03-01 10:50 . 2009-03-01 13:08 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-03-01 10:50 . 2006-11-15 08:00 528,096 --a------ c:\windows\system32\drivers\ar5211.sys 2009-03-01 10:50 . 2005-06-21 13:32 28,544 --a------ c:\windows\system32\drivers\callistx.sys 2009-03-01 10:37 . 
2006-04-20 16:03 995,712 --a------ c:\windows\system32\drivers\HSF_DPV.sys 2009-03-01 10:37 . 2006-04-20 16:02 727,296 --a------ c:\windows\system32\drivers\HSF_CNXT.sys 2009-03-01 10:37 . 2006-04-20 16:02 208,000 --a------ c:\windows\system32\drivers\HSFHWAZL.sys 2009-03-01 10:37 . 2006-04-20 11:55 145,584 --a------ c:\windows\system32\drivers\HSFProf.cty 2009-03-01 10:37 . 2006-03-16 17:06 118,784 --a------ c:\windows\system32\UCI32105.dll 2009-03-01 10:37 . 2006-02-15 11:57 86,016 --a------ c:\windows\system32\mdmxsdk.dll 2009-03-01 10:37 . 2006-07-13 10:33 74,752 --a------ c:\windows\system32\drivers\ESM7SK.sys . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-08 19:58 14,336 ----a-w c:\windows\system32\svchost.exe 2009-03-01 15:14 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe 2009-02-28 20:27 --------- d-----w c:\arquivos de programas\microsoft frontpage 2009-02-28 20:25 --------- d-----w c:\arquivos de programas\Serviços on-line 2009-02-28 20:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços . ((((((((((((((((((((((((((((( SnapShot@2009-03-09_11.05.39.90 ))))))))))))))))))))))))))))))))))))))))) . 
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SkyTel"="SkyTel.EXE" [2006-08-16 c:\windows\SkyTel.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2008-09-26 378792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginAbn]
2008-09-26 20:26 378792 c:\arquiv~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\adojongq]
[bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.iac2"= c:\windows\system32\iac25_32.ax
"VIDC.VP40"= vp4vfw.dll
"vidc.X264"= x264vfw.dll
"VIDC.MSUD"= msulvc05.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Mozillacorp"=c:\windows\system32\system.exe
"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"googletalk"=c:\arquivos de programas\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-08 114768]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-08 20560]
S1 d4a6b76a;d4a6b76a;c:\windows\system32\drivers\d4a6b76a.sys --> c:\windows\system32\drivers\d4a6b76a.sys [?]
S2 MSNETDED;Network Monitor service;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
UnknownUnknown GbpSv;GbpSv; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1275210071-839522115-500.job
- c:\documents and settings\Administrador\Configura []
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{782ff274-abfa-4c66-b7c7-5cac5249e2fd} - (no file)

.
------- Scan Suplementar -------
.
uInternet Settings,ProxyServer = proxymo.sociesc.com.br:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\u375780p.default\
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 19:22:16
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]
"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\arquiv~1\GbPlugin\gbiehabn.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\docume~1\ADMINI~1\CONFIG~1\temp\RtkBtMnt.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-03-10 19:23:52 - Máquina reiniciou [Administrador]
ComboFix-quarantined-files.txt 2009-03-10 22:23:49
ComboFix2.txt 2009-03-09 14:06:33

Pré-execução: 11 pasta(s) 14,545,584,128 bytes disponíveis
Pós execução: 11 pasta(s) 14,545,674,240 bytes disponíveis

395

Thanks for your attention!!

Quote:

Copy all of the content quoted below and paste it into Notepad. Save the file on the desktop with the name: CFScript.txt

File::
c:\WINDOWS\system\msrsys32.exe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSNETDED]
@="Service"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msrsys]
@="Service"

Drag CFScript.txt onto the ComboFix icon, as shown in the illustration below:

Accept the prompt that should appear to run ComboFix.
Note: drag the CFScript onto the icon until the (small) ComboFix window appears.
When it finishes, post ComboFix.txt together with a new HijackThis log.
Note: perform this step with your flash drive connected to the PC.
Awaiting your reply
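As an added example (not code from this thread, from ComboFix or from the helper), a small Python triage script that applies the same reasoning the helper used on this log to a constructed excerpt of it: a service whose image file is gone ("[?]"), a binary under c:\windows\system named like svchost.exe, a SafeBoot\Minimal subkey that ComboFix chose to print, and Security Center notifications switched off. The sample lines, category names and the similarity threshold are assumptions.

```python
r"""Triage helper for ComboFix-style reports.

Added example; not code from this thread or from ComboFix. It scans report
text for the kinds of entries the helper acted on above: service lines whose
image file is missing ("[?]"), binaries living in c:\windows\system instead of
system32, file names imitating svchost.exe, SafeBoot\Minimal subkeys (ComboFix
hides the defaults, so anything it prints deserves a look) and Security Center
notifications switched off. Thresholds and the sample lines are assumptions.
"""
import difflib
import re

# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-08 114768]
S1 d4a6b76a;d4a6b76a;c:\windows\system32\drivers\d4a6b76a.sys --> c:\windows\system32\drivers\d4a6b76a.sys [?]
S2 MSNETDED;Network Monitor service;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
UnknownUnknown GbpSv;GbpSv; [x]
"""

SERVICE_LINE = re.compile(r"^[RS]\d\s")
SAFEBOOT_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(Minimal|Network)\\([^\]]+)\]$", re.IGNORECASE)
SECURITY_CENTER_OFF = re.compile(
    r'^"((?:AntiVirus|Updates|Firewall)DisableNotify)"=dword:0*1$', re.IGNORECASE)


def parse_service(line):
    """Split an 'S2 Name;Display;path [stamp]' entry into its fields.

    Returns None for lines that are not R/S service entries (for example the
    'UnknownUnknown GbpSv;GbpSv; [x]' leftover in the log above).
    """
    if not SERVICE_LINE.match(line):
        return None
    parts = line.split(";", 2)
    if len(parts) < 3:
        return None
    head, display, rest = parts
    state, name = head.split(None, 1)
    missing = rest.rstrip().endswith("[?]")
    # Image path: the text before ' -->' (if any), minus the trailing '[...]'
    # stamp and any surrounding quotes.
    path = rest.split(" -->", 1)[0]
    path = re.sub(r"\s*\[[^\]]*\]\s*$", "", path).strip().strip('"')
    return {"state": state, "name": name, "display": display,
            "path": path, "missing": missing}


def looks_like_svchost(path):
    """True for a basename that imitates svchost.exe without being it."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if base == "svchost.exe":
        return False
    # Assumed threshold: 'svhost.exe' scores about 0.95, unrelated names far less.
    return difflib.SequenceMatcher(None, base, "svchost.exe").ratio() >= 0.85


def triage(log_text):
    """Return (category, detail) findings for a ComboFix report, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SAFEBOOT_KEY.match(line)
        if m:
            findings.append(("safeboot",
                             f"{m.group(2)} forced to load in Safe Mode ({m.group(1)})"))
            continue
        m = SECURITY_CENTER_OFF.match(line)
        if m:
            findings.append(("security-center", f"{m.group(1)} is set to 1"))
            continue
        svc = parse_service(line)
        if svc is None:
            continue
        if svc["missing"]:
            findings.append(("missing-file",
                             f"{svc['name']}: image {svc['path']} not found on disk"))
        if "\\windows\\system\\" in svc["path"].lower():
            findings.append(("odd-location",
                             f"{svc['name']}: runs from c:\\windows\\system, not system32"))
        if looks_like_svchost(svc["path"]):
            findings.append(("lookalike",
                             f"{svc['name']}: {svc['path']} imitates svchost.exe"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```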
Silas Martins, posted March 10, 2009

You did not post the new HijackThis log as requested; please generate a new HijackThis log and post it. Awaiting your reply :thumbsup:
Mário Monteiro, posted April 16, 2009

Topic archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.