
This topic has been archived and is closed to new replies.

Fernando P.

[Archived] services.exe error, restarting after 1 min.


Hi. I'd like to ask for help with a problem I'm having. Here's the situation: when I start my computer I get the message "services.exe has encountered a problem and needs to close". When you click Send or Don't Send, a message appears saying the computer needs to restart in 1 minute. I already read a topic and tried using ComboFix, but it starts and then just sits on the little blue screen and nothing else happens.

I'd appreciate your help; thanks in advance. Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:29:31, on 9/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DSLink 180U\Adsl\dslstat.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\DSLink 180U\Adsl\dslagent.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\csrcs.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dwwin.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Fernando\Downloads\HiJackThis\HijackThis.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\net.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\DSLink 180U\Adsl\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\DSLink 180U\Adsl\dslagent.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: fmnupd32.exe

O4 - Startup: zqosys32.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C19403E2-D262-41CC-A59C-FFBC12834A5D}: NameServer = 201.10.128.3 201.10.1.2

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 7544 bytes

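A triage pass over a HijackThis log like the one above, as an added example that is not part of the original thread and not part of HijackThis itself. It encodes the checks a responder applies by eye to this kind of log: a process whose name is one edit away from a core Windows process (csrcs.exe next to the real csrss.exe), a system.ini Shell= value that launches more than Explorer.exe, a Run entry under Policies\Explorer\Run, executables in the Startup folder, a service entry that points at no image file, and any process running from a Temp directory. The sample input is an excerpt copied from the posted log (the one Temp-path process line is taken from the RSIT log later in the thread); the rule names, the list of core process names and the one-edit-distance threshold are this example's own choices.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the post;
# constructed sample input, not the full log). The process line under Temp
# is copied from the RSIT log later in the thread.
HJT_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\Temp\wpv541243627542.exe

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - Startup: fmnupd32.exe
O4 - Startup: zqosys32.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Core Windows XP processes that malware likes to imitate (this example's list).
SYSTEM_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """Return the core process name that `name` imitates (exactly one edit away), else None."""
    name = name.lower()
    if name in SYSTEM_PROCESSES:
        return None
    for real in SYSTEM_PROCESSES:
        if edit_distance(name, real) == 1:
            return real
    return None


def triage(log):
    """Return [(rule, detail)] for the entries a responder would examine first."""
    findings = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            exe = line.rsplit("\\", 1)[-1]
            real = lookalike(exe)
            if real:
                findings.append(("process-lookalike", f"{line} (imitates {real})"))
            if "\\temp\\" in line.lower():
                findings.append(("process-in-temp", line))
            continue
        m = re.match(r"^(F2|O4|O23) - (.*)$", line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "F2":
            # system.ini Shell= must be Explorer.exe alone; anything appended is loaded at logon
            shell = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
            if shell and shell.group(1).strip().lower() != "explorer.exe":
                findings.append(("shell-hijack", body))
        elif kind == "O4" and "Policies\\Explorer\\Run" in body:
            findings.append(("policy-run", body))
        elif kind == "O4" and body.startswith("Startup:"):
            findings.append(("startup-folder", body))
        elif kind == "O23" and "Unknown owner" in body and body.endswith("\\"):
            findings.append(("service-no-image", body))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(HJT_LOG):
        print(f"{rule:18} {detail}")
```

The entries it flags here are the ones the thread's later scans name: csrcs.exe (Packed.Win32.Klone.bj in the Kaspersky report) and fmnupd32.exe (Trojan.Win32.Inject.acyf). A flag is a reason to look closer, not a verdict: Policies\Explorer\Run and Startup-folder entries are occasionally used by legitimate software, so check the file's signer, hash and creation time before removing anything.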

Hi Fernando P., welcome to the iMasters forum

 

- Download SDFix

 

Restart your computer and tap the F8 key (F5 in some cases) repeatedly during startup until a menu appears where you should choose the Safe Mode option

 

1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat

2. Press Y so the tool starts the removal process

3. When everything finishes, you'll see a notice telling you to press any key to continue. When you press any key, the computer will restart automatically

4. After the restart, the tool will run once more to finish its work, and the word Finished will appear. Press any key.

5. A window with the SDFix report will appear.

6. Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder, named Report.txt.


Wow man... the message really doesn't come up anymore... it's running smoothly! Thanks a lot, I've become a fan of the site! :grin:

I had done a scan with Kaspersky.. I'll just show the log:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Tuesday, June 9, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Tuesday, June 09, 2009 20:07:07

Records in database: 2332328

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

 

Scan statistics:

Files scanned: 59914

Threat name: 5

Infected objects: 7

Suspicious objects: 0

Duration of the scan: 00:34:16

 

 

File name / Threat name / Threats count

C:\WINDOWS\system32\csrcs.exe//PE_Patch.UPX//UPX/C:\WINDOWS\system32\csrcs.exe//PE_Patch.UPX//UPX Infected: Packed.Win32.Klone.bj 1

svchost.exe\svchost.exe/svchost.exe\svchost.exe Infected: Trojan-PSW.Win32.Agent.mzh 1

C:\Documents and Settings\WinXP\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\63\12c83dbf-2b000821 Infected: Trojan-Banker.Win32.Banker.ajfo 1

C:\Documents and Settings\WinXP\Menu Iniciar\Programas\Inicializar\fmnupd32.exe Infected: Trojan.Win32.Inject.acyf 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\csrcs.exe.vir Infected: Packed.Win32.Klone.bj 1

C:\WINDOWS\system32\csrcs.exe Infected: Packed.Win32.Klone.bj 1

C:\WINDOWS\system32\ubb.exe Infected: Trojan.Win32.Agent.cklo 1

 

The selected area was scanned.

 

 

--------------------------------------------------------------------------------------------------------------------------------------------------------

 

Now the SDFix log:

 

 

SDFix: Version 1.240

Run by Administrador on Tue 09/06/2009 at 18:01

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Fernando\Downloads\SDFix\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\csrcs.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-09 18:04:29

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdb3bd89]

"ImagePath"="\SystemRoot\System32\drivers\fdb3bd89.sys"

"Type"=dword:00000001

"Start"=dword:00000001

"ErrorControl"=dword:00000001

"F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fdb3bd89]

"ImagePath"="\SystemRoot\System32\drivers\fdb3bd89.sys"

"Type"=dword:00000001

"Start"=dword:00000001

"ErrorControl"=dword:00000001

"F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000000

"TracesSuccessful"=dword:00000000

"LastTraceFailure"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\\Arquivos de programas\\Emule\\emule.exe"="C:\\Arquivos de programas\\Emule\\emule.exe:*:Disabled:eMule"

"C:\\Arquivos de programas\\Emule\\eMule0.49b-Mephisto_v2.1-bin\\emule.exe"="C:\\Arquivos de programas\\Emule\\eMule0.49b-Mephisto_v2.1-bin\\emule.exe:*:Enabled:eMule"

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

"C:\\Gamemaxx\\Cabal Online\\launcher\\update\\ESTdnheadless.exe"="C:\\Gamemaxx\\Cabal Online\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"

"C:\\Arquivos de programas\\Taikodom\\taikodom-game.exe"="C:\\Arquivos de programas\\Taikodom\\taikodom-game.exe:*:Enabled:taikodom-game"

"C:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"="C:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe:*:Enabled:Java Platform SE binary"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

Remaining Files :

 

 

File Backups: - C:\Fernando\DOWNLO~1\SDFix\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"

Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"

Wed 22 Oct 2008 962,896 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\Tools.dll"

Mon 24 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

Finished!

 

 

Thanks a lot again for the hand. I'm going to start hanging around the forum!

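The catchme section of the SDFix report above lists a service, fdb3bd89, that the scanner found only by reading the system hive directly. Two things about it can be checked mechanically: its name and its driver file are eight random hex digits, and it carries a non-standard value, F96ZK6nPB, whose content is base64 ("Z3Jpemltdm96aW0ubmFtZQ==" decodes to grizimvozim.name, which has the shape of a hostname; the report does not show what it is used for). Below is an added example, not part of the thread and not part of SDFix or catchme, that parses this kind of .reg-style dump and applies both checks. The sample input is copied from the report (the two service keys plus one of the ordinary keys, to show it is ignored); the random-name pattern and the list of standard service values are this example's own assumptions.

```python
import base64
import re

# Excerpt of the catchme section of the SDFix report posted above, copied from
# the post as constructed sample input for this example.
CATCHME_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdb3bd89]
"ImagePath"="\SystemRoot\System32\drivers\fdb3bd89.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fdb3bd89]
"ImagePath"="\SystemRoot\System32\drivers\fdb3bd89.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

# Values a normal service key carries (this example's list); anything else is
# worth a second look.
STANDARD_VALUES = {"ImagePath", "Type", "Start", "ErrorControl", "DisplayName",
                   "Group", "Tag", "DependOnService", "ObjectName", "Description"}


def parse_dump(text):
    """Return {key_path: {value_name: int_or_str}} from a .reg-style dump."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = keys.setdefault(km.group(1), {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name, dword, string = vm.groups()
            current[name] = int(dword, 16) if dword is not None else string
    return keys


def try_base64(s):
    """Decode s if it is well-formed base64 that yields printable ASCII, else None.
    Short strings are skipped because ordinary words also fit the alphabet."""
    if len(s) < 8 or len(s) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", s):
        return None
    try:
        out = base64.b64decode(s, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return out if out.isprintable() else None


def triage_services(text):
    """Return [(key_path, reason, evidence)] for suspicious service keys."""
    findings = []
    for path, values in parse_dump(text).items():
        name = path.rsplit("\\", 1)[-1]
        # Type 1 is a kernel driver; a vendor does not name one with 8 hex digits
        if values.get("Type") == 1 and re.fullmatch(r"[0-9a-f]{8}", name):
            findings.append((path, "kernel driver with random 8-hex-digit name",
                             values.get("ImagePath")))
        for vname, val in values.items():
            if vname in STANDARD_VALUES or not isinstance(val, str):
                continue
            decoded = try_base64(val)
            if decoded:
                findings.append((path, f"non-standard value {vname} holds base64", decoded))
    return findings


if __name__ == "__main__":
    for path, reason, evidence in triage_services(CATCHME_DUMP):
        print(f"{path}\n    {reason}: {evidence}")
```

A hit from the first check is a driver that loads at system start (Type 1, Start 1) under a name no vendor would choose; keep a copy of the .sys for analysis rather than only deleting the key, since the file is the evidence. The Prefetcher and Windows keys in the same report are ignored because their names are not random hex and their string values ("15", "yes") are too short to pass as base64.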

Hi Fernando P. Please continue with my steps.

 

Step 1.

 

• Go to this link and download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable protection programs while running Malwarebytes.

• Be sure to send the detected items to quarantine by clicking Remove items.

• For more details: < Link >

-----------------------

• Post the report: mbam-log-2008-xx-xx (00-00-00).txt

 

Step 2.

 

Download Random's System Information Tool (RSIT)

http://images.malwareremoval.com/random/RSIT.exe

Save it to your desktop.

 

◘ Run RSIT.exe.

◘ An information window will appear:

List files/folders created or modified in the last: 1 month

◘ Click Continue.

 

When it finishes, two Notepad windows will open:

log.txt -> opens maximized

info.txt -> opens minimized.

 

Post the log.txt file in your next reply.

 

A copy of these files will be kept in the folder C:\RSIT

 

Note: If your firewall alerts about the file rsit.exe trying to connect, make sure to allow it.


Hello again... I ran the Malwarebytes scan... here is the Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.37

Database version: 2259

Windows 5.1.2600 Service Pack 3

 

10/6/2009 18:32:52

mbam-log-2009-06-10 (18-32-52).txt

 

Scan type: Quick scan

Objects scanned: 86556

Time elapsed: 1 minute(s), 55 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\glaide32 (Rootkit.Rustok) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\WINDOWS\Temp\wpv671243627542.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\WinXP\Dados de aplicativos\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

After running the Malwarebytes scan and restarting the PC, Avast detected this glaide32 as infected again, even though I had just deleted it, so I ran the Malwarebytes scan again and here is the new log:

 

Malwarebytes' Anti-Malware 1.37

Database version: 2259

Windows 5.1.2600 Service Pack 3

 

10/6/2009 18:45:00

mbam-log-2009-06-10 (18-45-00).txt

 

Scan type: Quick scan

Objects scanned: 86734

Time elapsed: 1 minute(s), 39 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\glaide32 (Rootkit.Rustok) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\WINDOWS\Temp\wpv751243627542.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\WinXP\Dados de aplicativos\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

 

The same viruses again. I think something is infecting them when I restart, I don't know.

Three files are being found by Avast every time I run the Malwarebytes scan and restart: beep.sys, null.sys and glaide32 again... it's the third time it shows up as infected...

The RSIT log is here:

 

System drive C: has 132 GB (90%) free of 146 GB

Total RAM: 3318 MB (82% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:49:13, on 10/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\DSLink 180U\Adsl\dslstat.exe

C:\Program Files\DSLink 180U\Adsl\dslagent.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\WinXP\Desktop\RSIT.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Temp\wpv541243627542.exe

C:\DOCUME~1\WinXP\CONFIG~1\Temp\RarSFX0\install.exe

C:\Fernando\Downloads\HiJackThis\WinXP.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\DSLink 180U\Adsl\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\DSLink 180U\Adsl\dslagent.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: zqosys32.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C19403E2-D262-41CC-A59C-FFBC12834A5D}: NameServer = 201.10.1.2 201.10.120.3

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 7465 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll [2009-05-19 171208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-06-05 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-05 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-28 16862720]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]

"DSLSTATEXE"=C:\Program Files\DSLink 180U\Adsl\dslstat.exe [2003-08-05 299008]

"DSLAGENTEXE"=C:\Program Files\DSLink 180U\Adsl\dslagent.exe [2003-08-05 16384]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-12 196608]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Google Update"=C:\Documents and Settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2009-06-09 133104]

 

C:\Documents and Settings\WinXP\Menu Iniciar\Programas\Inicializar

zqosys32.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Arquivos de programas\Emule\eMule0.49b-Mephisto_v2.1-bin\emule.exe"="C:\Arquivos de programas\Emule\eMule0.49b-Mephisto_v2.1-bin\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe"="C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

"C:\Gamemaxx\Cabal Online\launcher\update\ESTdnheadless.exe"="C:\Gamemaxx\Cabal Online\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"

"C:\Arquivos de programas\Java\jre6\bin\java.exe"="C:\Arquivos de programas\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-06-10 18:49:06 ----D---- C:\rsit

2009-06-10 18:30:23 ----SHD---- C:\RECYCLER

2009-06-10 18:29:11 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Malwarebytes

2009-06-10 18:29:07 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-10 18:29:07 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-06-10 15:39:09 ----A---- C:\ComboFix.txt

2009-06-10 15:34:39 ----A---- C:\Boot.bak

2009-06-10 15:34:36 ----RASHD---- C:\cmdcons

2009-06-10 15:31:14 ----A---- C:\WINDOWS\PEV.exe

2009-06-09 18:00:14 ----D---- C:\WINDOWS\ERUNT

2009-06-09 13:58:08 ----A---- C:\WINDOWS\zip.exe

2009-06-09 13:58:08 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-06-09 13:58:08 ----A---- C:\WINDOWS\SWSC.exe

2009-06-09 13:58:08 ----A---- C:\WINDOWS\SWREG.exe

2009-06-09 13:58:08 ----A---- C:\WINDOWS\sed.exe

2009-06-09 13:58:08 ----A---- C:\WINDOWS\NIRCMD.exe

2009-06-09 13:58:08 ----A---- C:\WINDOWS\grep.exe

2009-06-09 13:52:31 ----D---- C:\WINDOWS\ERDNT

2009-06-09 13:43:57 ----D---- C:\Qoobox

2009-06-08 19:27:14 ----D---- C:\Arquivos de programas\hp deskjet 656c series

2009-06-08 19:27:07 ----D---- C:\Arquivos de programas\Hewlett-Packard

2009-06-08 16:52:12 ----D---- C:\Arquivos de programas\PhotoFiltre

2009-06-08 13:08:06 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Audacity

2009-06-08 13:08:02 ----D---- C:\Arquivos de programas\Audacity

2009-06-08 10:33:48 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Help

2009-06-07 20:33:15 ----D---- C:\Eloi

2009-06-07 13:29:50 ----D---- C:\WINDOWS\.jagex_cache_32

2009-06-07 13:29:42 ----D---- C:\WINDOWS\Sun

2009-06-06 23:38:06 ----D---- C:\Arquivos de programas\AstroNest

2009-06-06 15:37:38 ----D---- C:\Gamemaxx

2009-06-05 23:21:31 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\foobar2000

2009-06-05 23:12:09 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Orbit

2009-06-05 23:12:09 ----D---- C:\Arquivos de programas\Orbitdownloader

2009-06-05 20:54:47 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2009-06-05 20:54:18 ----N---- C:\WINDOWS\system32\msvcr70.dll

2009-06-05 20:54:18 ----N---- C:\WINDOWS\system32\mfc70enu.dll

2009-06-05 20:54:18 ----N---- C:\WINDOWS\system32\mfc70.dll

2009-06-05 20:54:17 ----D---- C:\Arquivos de programas\Arquivos comuns\Macromedia Shared

2009-06-05 20:54:16 ----D---- C:\Arquivos de programas\Arquivos comuns\Macromedia

2009-06-05 20:54:13 ----D---- C:\Arquivos de programas\Macromedia

2009-06-05 20:14:32 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\fretsonfire

2009-06-05 20:14:23 ----D---- C:\Arquivos de programas\Frets on Fire

2009-06-05 20:00:23 ----D---- C:\Arquivos de programas\Adobe

2009-06-05 19:05:15 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2009-06-05 19:05:15 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2009-06-05 19:05:14 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2009-06-05 19:05:14 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2009-06-05 19:05:14 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2009-06-05 19:05:13 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2009-06-05 19:05:13 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2009-06-05 19:05:13 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2009-06-05 19:05:13 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2009-06-05 19:05:12 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2009-06-05 19:05:12 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2009-06-05 19:05:12 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2009-06-05 19:05:12 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2009-06-05 18:44:15 ----D---- C:\Arquivos de programas\Emule

2009-06-05 18:13:20 ----D---- C:\Fernando

2009-06-05 18:12:31 ----D---- C:\Arquivos de programas\foobar2000

2009-06-05 18:02:20 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2009-06-05 18:02:20 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2009-06-05 18:02:20 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2009-06-05 18:02:20 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2009-06-05 18:02:20 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2009-06-05 18:02:20 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2009-06-05 18:02:19 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2009-06-05 18:02:19 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2009-06-05 18:02:19 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2009-06-05 18:02:19 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2009-06-05 18:02:18 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2009-06-05 18:02:18 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2009-06-05 18:02:18 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2009-06-05 18:02:18 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2009-06-05 18:02:17 ----A---- C:\WINDOWS\system32\d3dx9_36.dll

2009-06-05 18:02:17 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2009-06-05 18:02:17 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2009-06-05 18:02:16 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2009-06-05 18:02:16 ----A---- C:\WINDOWS\system32\d3dx9_35.dll

2009-06-05 18:02:16 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2009-06-05 18:02:16 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2009-06-05 18:02:15 ----A---- C:\WINDOWS\system32\xactengine2_8.dll

2009-06-05 18:02:15 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll

2009-06-05 18:02:15 ----A---- C:\WINDOWS\system32\d3dx9_34.dll

2009-06-05 18:02:15 ----A---- C:\WINDOWS\system32\d3dx10_34.dll

2009-06-05 18:02:15 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll

2009-06-05 18:02:14 ----A---- C:\WINDOWS\system32\xinput1_3.dll

2009-06-05 18:02:14 ----A---- C:\WINDOWS\system32\xactengine2_7.dll

2009-06-05 18:02:14 ----A---- C:\WINDOWS\system32\d3dx10_33.dll

2009-06-05 18:02:14 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll

2009-06-05 18:02:13 ----A---- C:\WINDOWS\system32\d3dx9_33.dll

2009-06-05 18:02:12 ----A---- C:\WINDOWS\system32\xactengine2_6.dll

2009-06-05 18:02:12 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2009-06-05 18:02:12 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2009-06-05 18:02:12 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll

2009-06-05 18:02:12 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-06-05 18:02:12 ----A---- C:\WINDOWS\system32\d3dx9_31.dll

2009-06-05 18:02:11 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2009-06-05 18:02:11 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2009-06-05 18:02:11 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2009-06-05 18:02:11 ----A---- C:\WINDOWS\system32\xactengine2_2.dll

2009-06-05 18:02:11 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2009-06-05 18:02:07 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2009-06-05 18:02:07 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2009-06-05 18:02:07 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

2009-06-05 18:02:06 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2009-06-05 18:02:06 ----A---- C:\WINDOWS\system32\d3dx9_27.dll

2009-06-05 18:02:06 ----A---- C:\WINDOWS\system32\d3dx9_26.dll

2009-06-05 18:02:05 ----A---- C:\WINDOWS\system32\d3dx9_25.dll

2009-06-05 18:02:05 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

2009-06-05 18:01:48 ----D---- C:\WINDOWS\Logs

2009-06-05 18:00:52 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2009-06-05 18:00:50 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2009-06-05 18:00:50 ----A---- C:\WINDOWS\system32\pbsvc.exe

2009-06-05 17:15:11 ----A---- C:\WINDOWS\system32\hidserv.dll

2009-06-05 14:44:06 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-06-05 14:43:18 ----A---- C:\WINDOWS\system32\jit.dll

2009-06-05 14:43:18 ----A---- C:\WINDOWS\system32\javaee.dll

2009-06-05 14:43:18 ----A---- C:\WINDOWS\setdebug.exe

2009-06-05 14:43:17 ----A---- C:\WINDOWS\system32\dx3j.dll

2009-06-05 14:43:13 ----A---- C:\WINDOWS\system32\wjview.exe

2009-06-05 14:43:13 ----A---- C:\WINDOWS\system32\vmhelper.dll

2009-06-05 14:43:13 ----A---- C:\WINDOWS\system32\msjdbc10.dll

2009-06-05 14:43:12 ----A---- C:\WINDOWS\system32\msjava.dll

2009-06-05 14:43:12 ----A---- C:\WINDOWS\system32\msawt.dll

2009-06-05 14:43:12 ----A---- C:\WINDOWS\system32\jview.exe

2009-06-05 14:43:12 ----A---- C:\WINDOWS\system32\jdbgmgr.exe

2009-06-05 14:43:12 ----A---- C:\WINDOWS\system32\javart.dll

2009-06-05 14:43:12 ----A---- C:\WINDOWS\system32\javaprxy.dll

2009-06-05 14:43:12 ----A---- C:\WINDOWS\system32\javacypt.dll

2009-06-05 14:43:11 ----A---- C:\WINDOWS\system32\clspack.exe

2009-06-05 14:41:32 ----A---- C:\WINDOWS\system32\rmoc3260.dll

2009-06-05 14:41:31 ----A---- C:\WINDOWS\system32\unrar.dll

2009-06-05 14:41:31 ----A---- C:\WINDOWS\system32\pndx5032.dll

2009-06-05 14:41:31 ----A---- C:\WINDOWS\system32\pndx5016.dll

2009-06-05 14:41:31 ----A---- C:\WINDOWS\system32\pncrt.dll

2009-06-05 14:41:31 ----A---- C:\WINDOWS\avisplitter.ini

2009-06-05 14:41:30 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2009-06-05 14:41:29 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2009-06-05 14:41:29 ----A---- C:\WINDOWS\system32\xvidcore.dll

2009-06-05 14:41:29 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2009-06-05 14:41:29 ----A---- C:\WINDOWS\system32\dpl100.dll

2009-06-05 14:41:28 ----A---- C:\WINDOWS\system32\pthreadGC2.dll

2009-06-05 14:41:28 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2009-06-05 14:41:28 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2009-06-05 14:41:28 ----A---- C:\WINDOWS\system32\divx.dll

2009-06-05 14:41:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Real

2009-06-05 14:41:26 ----D---- C:\Arquivos de programas\K-Lite Codec Pack

2009-06-05 11:54:18 ----N---- C:\WINDOWS\wwdslcfg.ini

2009-06-05 11:54:18 ----D---- C:\Program Files

2009-06-05 11:54:18 ----A---- C:\WINDOWS\system32\CoInst.dll

2009-06-05 11:51:14 ----RA---- C:\WINDOWS\system32\igfxres.dll

2009-06-05 11:50:05 ----RA---- C:\WINDOWS\system32\iglicd32.dll

2009-06-05 11:50:05 ----RA---- C:\WINDOWS\system32\igldev32.dll

2009-06-05 11:50:05 ----RA---- C:\WINDOWS\system32\igfxexps.dll

2009-06-05 11:50:05 ----RA---- C:\WINDOWS\system32\igfxCoIn_v4926.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igxprd32.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igxpgd32.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igxpdx32.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igxpdv32.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxzoom.exe

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxtray.exe

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxsrvc.exe

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxress.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxpph.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxpers.exe

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxext.exe

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxdo.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxdev.dll

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\igfxcfg.exe

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\hkcmd.exe

2009-06-05 11:50:04 ----RA---- C:\WINDOWS\system32\hccutils.dll

2009-06-05 11:50:02 ----RA---- C:\WINDOWS\system32\igxpun.exe

2009-06-05 11:49:52 ----R---- C:\WINDOWS\system32\ChCfg.exe

2009-06-05 11:49:33 ----R---- C:\WINDOWS\RtlExUpd.dll

2009-06-05 11:49:13 ----D---- C:\WINDOWS\OPTIONS

2009-06-05 11:49:13 ----D---- C:\Arquivos de programas\Realtek

2009-06-05 11:49:07 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\InstallShield

2009-06-05 11:48:57 ----D---- C:\Arquivos de programas\Intel

2009-06-05 11:48:57 ----A---- C:\WINDOWS\system32\CSVer.dll

2009-06-05 10:08:04 ----R---- C:\WINDOWS\RtlUpd.exe

2009-06-05 10:08:04 ----R---- C:\WINDOWS\Alcmtr.exe

2009-06-05 10:08:02 ----R---- C:\WINDOWS\alcwzrd.exe

2009-06-05 10:07:59 ----R---- C:\WINDOWS\SoundMan.exe

2009-06-05 10:07:59 ----R---- C:\WINDOWS\RTLCPL.exe

2009-06-05 10:07:58 ----R---- C:\WINDOWS\SkyTel.exe

2009-06-05 10:07:57 ----R---- C:\WINDOWS\MicCal.exe

2009-06-05 10:07:52 ----R---- C:\WINDOWS\RTHDCPL.exe

2009-06-05 09:30:14 ----D---- C:\Intel

 

======List of files/folders modified in the last 1 months======

 

2009-06-10 18:49:11 ----D---- C:\WINDOWS\system32\drivers

2009-06-10 18:49:11 ----D---- C:\WINDOWS\Prefetch

2009-06-10 18:49:07 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-10 18:49:01 ----D---- C:\WINDOWS\Temp

2009-06-10 18:47:35 ----D---- C:\WINDOWS

2009-06-10 18:47:04 ----RD---- C:\Arquivos de programas

2009-06-10 18:46:23 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-10 18:46:01 ----HD---- C:\WINDOWS\inf

2009-06-10 18:40:33 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-10 18:34:18 ----HD---- C:\WINDOWS\$hf_mig$

2009-06-10 18:31:43 ----D---- C:\WINDOWS\system32

2009-06-10 15:38:34 ----SD---- C:\WINDOWS\Tasks

2009-06-10 15:37:53 ----A---- C:\WINDOWS\system.ini

2009-06-10 15:36:22 ----D---- C:\WINDOWS\system32\config

2009-06-10 15:35:49 ----D---- C:\WINDOWS\AppPatch

2009-06-10 15:35:47 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-06-10 15:34:39 ----RASH---- C:\boot.ini

2009-06-10 14:28:35 ----D---- C:\WINDOWS\Minidump

2009-06-10 13:20:37 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-06-10 13:05:51 ----D---- C:\WINDOWS\system32\LogFiles

2009-06-09 19:06:47 ----SHD---- C:\WINDOWS\Installer

2009-06-09 18:59:43 ----SHD---- C:\System Volume Information

2009-06-09 18:59:43 ----D---- C:\WINDOWS\system32\Restore

2009-06-09 18:56:00 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Adobe

2009-06-09 18:39:37 ----SD---- C:\Documents and Settings\WinXP\Dados de aplicativos\Microsoft

2009-06-09 17:59:08 ----D---- C:\Documents and Settings

2009-06-09 14:07:07 ----A---- C:\WINDOWS\win.ini

2009-06-06 23:38:16 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2009-06-06 17:34:30 ----RSD---- C:\WINDOWS\Fonts

2009-06-05 20:54:46 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Macromedia

2009-06-05 20:00:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2009-06-05 20:00:24 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2009-06-05 19:23:55 ----RSD---- C:\WINDOWS\assembly

2009-06-05 19:20:17 ----D---- C:\WINDOWS\Microsoft.NET

2009-06-05 19:04:31 ----D---- C:\WINDOWS\system32\DirectX

2009-06-05 19:04:25 ----D---- C:\WINDOWS\system32\mui

2009-06-05 18:03:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-06-05 18:02:57 ----D---- C:\WINDOWS\WinSxS

2009-06-05 18:01:47 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-06-05 17:57:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-06-05 17:47:25 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Real

2009-06-05 17:20:44 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2009-06-05 17:20:09 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-06-05 16:02:28 ----D---- C:\WINDOWS\Debug

2009-06-05 15:56:38 ----D---- C:\WINDOWS\system32\wbem

2009-06-05 15:54:33 ----D---- C:\WINDOWS\system32\pt-br

2009-06-05 15:54:33 ----D---- C:\Arquivos de programas\Internet Explorer

2009-06-05 15:54:28 ----D---- C:\WINDOWS\ie7updates

2009-06-05 14:47:18 ----D---- C:\Arquivos de programas\CONEXANT

2009-06-05 14:44:42 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-05 14:44:00 ----A---- C:\WINDOWS\system32\javaws.exe

2009-06-05 14:44:00 ----A---- C:\WINDOWS\system32\javaw.exe

2009-06-05 14:44:00 ----A---- C:\WINDOWS\system32\java.exe

2009-06-05 14:43:58 ----D---- C:\Arquivos de programas\Java

2009-06-05 14:43:21 ----D---- C:\WINDOWS\Help

2009-06-05 14:43:17 ----D---- C:\WINDOWS\java

2009-06-05 14:41:29 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-06-05 11:55:06 ----D---- C:\WINDOWS\system32\CatRoot

2009-06-05 11:53:15 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-06-05 11:50:02 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-05 11:49:52 ----D---- C:\WINDOWS\system32\RTCOM

2009-06-05 09:31:17 ----D---- C:\WINDOWS\system

2009-06-05 09:30:04 ----D---- C:\Documents and Settings\WinXP\Dados de aplicativos\Lavasoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-06-01 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-06-01 38576]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 rspndr;Respondente de Descoberta de Topologia de Camada de Link; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-02 4752384]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-05-07 106368]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 wanusb;GlobespanVirata USB ADSL WAN Modem; C:\WINDOWS\system32\DRIVERS\gwausb.sys [2003-08-05 147441]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-06-01 118704]

S1 Dup;Dup; \??\C:\WINDOWS\System32\DRIVERS\dup.sys []

S1 fdb3bd89;fdb3bd89; C:\WINDOWS\System32\drivers\fdb3bd89.sys []

S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []

S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2008-04-13 607196]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys []

S3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 RTL8169;Realtek 8169 NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlh86.sys [2006-12-08 67072]

S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys []

S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []

S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]

S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 XDva224;XDva224; \??\C:\WINDOWS\system32\XDva224.sys []

S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-26 248832]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-01 1551408]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-06-05 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-05 66872]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-06-05 107832]

R2 UPHClean;User Profile Hive Cleanup; C:\Arquivos de programas\UPHClean\uphclean.exe [2005-04-27 241725]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2007-05-06 94208]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe [2009-06-05 68096]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

 

-----------------EOF-----------------

 

Avast now also keeps showing a message like this: "Alerta de vírus do avast ! Mensagem suspeita ! Há excessivos e-mails para o tempo fixado", and unknown senders show up with unrelated phrases like "1200 bucks free", "new --- site" and so on. It appears several times in a row, then stops for a while and comes back.

Thanks for the help...


Hello friend!

 

I think the problem occurs when I connect to the internet.

First I restarted my computer in safe mode and ran ComboFix. After the scan and removal of the problems, I ran a full Malwarebytes scan; the logs follow, in that order:

 

ComboFix:

 

ComboFix 09-06-09.06 - WinXP 10/06/2009 20:38.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.3036 [GMT -3:00]

Executando de: c:\fernando\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090610-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\WinXP\Dados de aplicativos\wiaserva.log

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_glaide32

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-10 to 2009-06-10 ))))))))))))))))))))))))))))

.

 

2009-06-10 21:49 . 2009-06-10 21:49 -------- d-----w- C:\rsit

2009-06-10 21:29 . 2009-06-10 21:29 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Malwarebytes

2009-06-10 21:29 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-10 21:29 . 2009-06-10 21:29 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-10 21:29 . 2009-06-10 21:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-10 21:29 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-09 22:03 . 2009-06-09 22:03 19808 ----a-w- c:\windows\system32\drivers\dup.sys

2009-06-09 21:01 . 2009-06-09 21:01 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll

2009-06-09 21:00 . 2009-06-09 21:00 -------- d-----w- c:\windows\ERUNT

2009-06-08 22:27 . 2009-06-08 22:27 376 ----a-w- c:\windows\mozregistry.dat

2009-06-08 22:27 . 2009-06-08 22:29 -------- d-----w- c:\arquivos de programas\hp deskjet 656c series

2009-06-08 22:27 . 2009-06-08 22:27 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-06-08 22:26 . 2008-04-13 14:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2009-06-08 22:26 . 2008-04-13 14:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-06-08 19:52 . 2009-06-08 21:47 -------- d-----w- c:\arquivos de programas\PhotoFiltre

2009-06-08 16:08 . 2009-06-08 16:33 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Audacity

2009-06-08 16:08 . 2009-06-08 16:08 -------- d-----w- c:\arquivos de programas\Audacity

2009-06-07 23:33 . 2009-06-09 00:55 -------- d-----w- C:\Eloi

2009-06-07 16:30 . 2009-06-07 16:33 34 ----a-w- c:\documents and settings\WinXP\jagex_runescape_preferences.dat

2009-06-07 16:29 . 2009-06-07 16:29 -------- d-----w- c:\windows\.jagex_cache_32

2009-06-07 16:29 . 2009-06-07 16:29 -------- d-----w- c:\windows\Sun

2009-06-07 12:19 . 2009-06-09 21:06 0 ----a-w- c:\windows\system32\drivers\fdb3bd89.sys

2009-06-07 02:38 . 2009-06-07 02:38 -------- d-----w- c:\arquivos de programas\AstroNest

2009-06-06 18:37 . 2009-06-06 18:37 -------- d-----w- C:\Gamemaxx

2009-06-06 02:21 . 2009-06-08 20:42 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\foobar2000

2009-06-06 02:12 . 2009-06-10 23:19 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Orbit

2009-06-06 02:12 . 2009-06-06 02:12 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Macrovision

2009-06-05 23:54 . 2002-01-05 10:48 974848 ------w- c:\windows\system32\mfc70.dll

2009-06-05 23:54 . 2002-01-05 10:10 57344 ------w- c:\windows\system32\mfc70enu.dll

2009-06-05 23:54 . 2002-01-05 09:37 344064 ------w- c:\windows\system32\msvcr70.dll

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia Shared

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\arquivos de programas\Macromedia

2009-06-05 23:14 . 2009-06-05 23:14 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\fretsonfire

2009-06-05 23:14 . 2009-06-05 23:15 -------- d-----w- c:\arquivos de programas\Frets on Fire

2009-06-05 21:44 . 2009-06-05 21:44 -------- d-----w- c:\arquivos de programas\Emule

2009-06-05 21:13 . 2009-06-08 23:21 -------- d-----w- C:\Fernando

2009-06-05 21:12 . 2009-06-05 21:12 -------- d-----w- c:\arquivos de programas\foobar2000

2009-06-05 21:01 . 2009-06-05 21:01 -------- d-----w- c:\windows\Logs

2009-06-05 21:01 . 2009-06-05 21:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-05 21:01 . 2009-06-05 21:01 22328 ----a-w- c:\documents and settings\WinXP\Dados de aplicativos\PnkBstrK.sys

2009-06-05 21:00 . 2009-06-05 21:01 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-05 21:00 . 2009-06-05 21:00 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-05 21:00 . 2009-06-05 21:00 2250024 ----a-w- c:\windows\system32\pbsvc.exe

2009-06-05 20:15 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2009-06-05 20:15 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-06-05 20:15 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2009-06-05 20:15 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2009-06-05 20:14 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-06-05 20:14 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-06-05 18:46 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-06-05 18:45 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-06-05 18:45 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-06-05 18:45 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-06-05 18:45 . 2009-02-09 10:53 731648 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-06-05 18:45 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-06-05 18:45 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-06-05 18:45 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-06-05 18:45 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-06-05 18:45 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-06-05 17:44 . 2009-06-05 17:44 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-05 14:54 . 2009-06-05 14:54 -------- d-----w- C:\Program Files

2009-06-05 14:54 . 2003-08-05 18:35 147441 ----a-w- c:\windows\system32\drivers\gwausb.sys

2009-06-05 14:54 . 2003-08-05 17:43 24576 ----a-w- c:\windows\system32\CoInst.dll

2009-06-05 14:54 . 2003-08-05 11:29 161251 ----a-w- c:\windows\system32\drivers\gtipdsp.bin

2009-06-05 14:51 . 2008-02-15 15:49 180224 ----a-r- c:\windows\system32\igfxres.dll

2009-06-05 14:49 . 2006-08-01 18:02 49152 ------r- c:\windows\system32\ChCfg.exe

2009-06-05 14:49 . 2008-03-05 21:07 520192 ------r- c:\windows\RtlExUpd.dll

2009-06-05 14:49 . 2009-06-05 14:49 -------- d-----w- c:\arquivos de programas\Realtek

2009-06-05 14:49 . 2009-06-05 14:49 -------- d-----w- c:\windows\OPTIONS

2009-06-05 14:49 . 2009-06-05 14:49 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\InstallShield

2009-06-05 14:48 . 2009-06-05 14:48 -------- d-----w- c:\arquivos de programas\Intel

2009-06-05 14:48 . 2007-12-12 18:56 53248 ----a-w- c:\windows\system32\CSVer.dll

2009-06-05 13:08 . 2008-04-02 12:27 1196032 ------r- c:\windows\RtlUpd.exe

2009-06-05 13:08 . 2005-05-03 21:43 69632 ------r- c:\windows\Alcmtr.exe

2009-06-05 13:08 . 2006-05-04 19:26 2808832 ------r- c:\windows\alcwzrd.exe

2009-06-05 13:07 . 2007-03-23 22:19 9715200 ------r- c:\windows\RTLCPL.exe

2009-06-05 13:07 . 2006-07-21 19:14 86016 ------r- c:\windows\SoundMan.exe

2009-06-05 13:07 . 2007-11-20 21:15 1826816 ------r- c:\windows\SkyTel.exe

2009-06-05 13:07 . 2007-06-28 19:44 2165760 ------r- c:\windows\MicCal.exe

2009-06-05 13:07 . 2008-05-28 17:52 16862720 ------r- c:\windows\RTHDCPL.exe

2009-06-05 13:07 . 2008-06-02 21:10 4752384 ------r- c:\windows\system32\drivers\RtkHDAud.sys

2009-06-05 13:05 . 2008-05-07 22:31 106368 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys

2009-06-05 13:03 . 2006-12-08 07:02 67072 ----a-r- c:\windows\system32\drivers\Rtlh86.sys

2009-06-05 12:30 . 2009-06-05 12:30 -------- d-----w- C:\Intel

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-10 22:58 . 2007-12-24 13:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-07 02:38 . 2007-12-24 13:09 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-05 23:00 . 2007-12-24 13:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-06-05 21:03 . 2001-10-28 15:07 75012 ----a-w- c:\windows\system32\perfc016.dat

2009-06-05 21:03 . 2001-10-28 15:07 460368 ----a-w- c:\windows\system32\perfh016.dat

2009-06-05 20:20 . 2008-10-08 16:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-06-05 20:20 . 2008-10-08 16:51 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-05 17:47 . 2008-03-05 17:22 -------- d-----w- c:\arquivos de programas\CONEXANT

2009-06-05 17:43 . 2007-12-24 16:53 -------- d-----w- c:\arquivos de programas\Java

2009-06-05 17:43 . 2009-06-05 17:43 2232 ----a-w- c:\windows\java\Packages\Data\EETRR9R7.DAT

2009-06-05 17:43 . 2009-06-05 17:43 155995 ----a-w- c:\windows\java\Packages\3N3TZ1JB.ZIP

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\8B3H31RN.DAT

2009-06-05 17:43 . 2009-06-05 17:43 152576 ----a-w- c:\documents and settings\WinXP\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\OK6EGO2Z.DAT

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\D3R77X7J.DAT

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\CK671RRF.DAT

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\6WDBFJVF.DAT

2009-06-05 17:42 . 2009-06-05 17:41 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-06-05 17:41 . 2007-12-24 13:19 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-06-05 12:30 . 2007-12-24 13:16 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Lavasoft

2009-04-02 13:21 . 2009-06-05 17:41 84480 ----a-w- c:\windows\system32\ff_vfw.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-06-10_18.37.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-10 23:43 . 2009-06-10 23:43 16384 c:\windows\temp\Perflib_Perfdata_788.dat

+ 2009-06-10 23:43 . 2009-06-10 23:43 16384 c:\windows\temp\Perflib_Perfdata_520.dat

+ 2001-10-28 15:06 . 2001-10-28 15:06 4224 c:\windows\system32\drivers\beep.sys

+ 2009-06-10 21:00 . 2009-06-10 21:00 5074 c:\windows\SoftwareDistribution\EventCache\{3B98BCE6-9F5A-4ADA-97DA-7CC9889090BE}.bin

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Google Update"="c:\documents and settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"DSLSTATEXE"="c:\program files\DSLink 180U\Adsl\dslstat.exe" [2003-08-05 299008]

"DSLAGENTEXE"="c:\program files\DSLink 180U\Adsl\dslagent.exe" [2003-08-05 16384]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-28 16862720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\WinXP\Menu Iniciar\Programas\Inicializar\

zqosys32.exe [2008-4-13 27648]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Emule\\eMule0.49b-Mephisto_v2.1-bin\\emule.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Gamemaxx\\Cabal Online\\launcher\\update\\ESTdnheadless.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/3/2009 10:11 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/3/2009 10:11 20560]

S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [9/6/2009 19:03 19808]

S1 fdb3bd89;fdb3bd89;c:\windows\system32\drivers\fdb3bd89.sys [7/6/2009 09:19 0]

S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - 000057D7

*Deregistered* - 000057D7

*Deregistered* - uphcleanhlp

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com.br/

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

TCP: {C19403E2-D262-41CC-A59C-FFBC12834A5D} = 201.10.1.3 201.10.128.2

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-10 20:43

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(432)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\arquivos de programas\UPHClean\uphclean.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Completion time: 2009-06-10 20:44 - Machine was rebooted

ComboFix-quarantined-files.txt 2009-06-10 23:44

ComboFix2.txt 2009-06-10 18:39

 

Pre-Run: 14 folder(s) 138,360,578,048 bytes free

Post-Run: 13 folder(s) 138,341,146,624 bytes free

 

231 --- E O F --- 2009-06-05 18:55

 

Malwarebytes:

 

Malwarebytes' Anti-Malware 1.37

Database version: 2259

Windows 5.1.2600 Service Pack 3

 

10/6/2009 22:09:32

mbam-log-2009-06-10 (22-09-32).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 142442

Time elapsed: 9 minute(s), 31 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

I also did a general cleanup with CCleaner.

An updated HijackThis log follows as well:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:12:29, on 10/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\DSLink 180U\Adsl\dslstat.exe

C:\Program Files\DSLink 180U\Adsl\dslagent.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\foobar2000\foobar2000.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Fernando\Downloads\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\DSLink 180U\Adsl\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\DSLink 180U\Adsl\dslagent.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 6952 bytes

 

At first, without connecting to the internet, there is no problem at all. After connecting, avast starts giving virus warnings about excessive identical e-mails and possible infections.

 

Cheers.


Download the Kaspersky AVP Tool

http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

 

Save it to your desktop.

 

Run the file and follow the prompts.

When it finishes, check the box next to My Computer, then click Scan.

 

Be patient, it takes a while.

 

When it finishes, if it detected anything, the program will ask you what to do.

Click Skip (we only want the log).

 

Note: you may have to click Skip several times if the program finds several files, so be patient.

 

When the program shows the message Scan Completed, click the Events tab, uncheck the "Show all events" box and then click "Save to file".

Save the log somewhere easy to find.

 

Download > GMER

 

Extract its files to the desktop.

 

Double-click gmer.exe. Click the Rootkit tab and then the Scan button.

 

IMPORTANT: Do not check the Show All box.

 

When the scan finishes, click Copy to copy the contents to the clipboard.

Open Notepad, paste what you copied, and save it under any name you like.

 

Copy and paste the contents of that Notepad file into your reply + the Kaspersky AVP Tool log (no need to include the Events from that log) + a new ComboFix.txt (run it after GMER).

 

Tutorial: Sam Spade

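An added example, not part of any post in this thread and not code from ComboFix, GMER or HijackThis: a small Python triage script for the log formats pasted in this thread. It parses ComboFix service/driver lines (`S1 name;display;path [date time size]`), the Startup-folder listing, and GMER `IAT` hook lines, and flags the entries a responder would examine first: a driver whose image is zero bytes or missing, a service with a random-looking eight-character name, any executable in the per-user Startup folder, and a process-creation API hooked inside services.exe at an address GMER did not attribute to a module. The sample lines are copied from the logs in this thread; the name patterns, the process and API lists and the folder-name matching (`Inicializar`/`Startup`) are my own assumptions, and a hit only says which file to inspect next (hash, signer, creation time), not that it is malicious.

```python
"""Offline triage of the ComboFix and GMER log formats pasted in this thread.

Added example for this page; it is not part of ComboFix, GMER, HijackThis or
the forum's own tooling.  Every flag is a heuristic (my own choice of patterns)
and a hit means "look at this file first", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied verbatim from the logs posted in this thread
# (double-spaced, as the forum rendered them).
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/3/2009 10:11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/3/2009 10:11 20560]
S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [9/6/2009 19:03 19808]
S1 fdb3bd89;fdb3bd89;c:\windows\system32\drivers\fdb3bd89.sys [7/6/2009 09:19 0]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

c:\documents and settings\WinXP\Menu Iniciar\Programas\Inicializar\

zqosys32.exe [2008-4-13 27648]

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
"""

# ComboFix service/driver line: "<R|S><start type> name;display;path [date time size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
# GMER user-mode IAT hook: "IAT <process>[pid] @ <module> [dll!Api] <address> [resolved module, if any]"
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<api>[^\]]+)\]\s+(?P<target>[0-9A-Fa-f]{8})(?P<rest>.*)$"
)
# ComboFix prints the (localized) Startup folder path on its own line, then one item per line.
STARTUP_DIR_RE = re.compile(r"\\(Inicializar|Startup)\\$", re.I)          # assumed folder names
STARTUP_ITEM_RE = re.compile(r"^(?P<file>\S+\.(?:exe|com|lnk|bat|cmd|scr|pif))\s+\[", re.I)

RANDOM_NAME_RE = re.compile(r"^(?:[0-9a-f]{8}|\d{8})$", re.I)            # e.g. fdb3bd89, 32210645
CRITICAL_PROCS = {"services.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe"}
PROCESS_CREATION_APIS = {"CreateProcessA", "CreateProcessW",
                         "CreateProcessAsUserA", "CreateProcessAsUserW", "CreateProcessInternalW"}


@dataclass
class Finding:
    item: str            # service name, Startup item, or hooked API
    reasons: List[str]
    line: str


def _check_service(m) -> List[str]:
    reasons = []
    name, meta = m["name"], m["meta"].split()
    if meta == ["?"]:
        reasons.append("no date/size recorded for the image ([?]): file not present at scan time")
    elif meta and meta[-1].isdigit() and int(meta[-1]) == 0:
        reasons.append(f"zero-byte driver image with start type {m['start']}")
    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking service name")
    return reasons


def _check_iat(m) -> List[str]:
    reasons = []
    proc = m["proc"].rsplit("\\", 1)[-1].lower()
    api = m["api"].split("!")[-1]
    if proc in CRITICAL_PROCS and api in PROCESS_CREATION_APIS:
        reasons.append(f"process-creation API {api} hooked in {proc}")
    if not m["rest"].strip():        # GMER appends a module path when it can resolve the target
        reasons.append(f"hook target {m['target']} is not attributed to any loaded module")
    return reasons


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_startup_dir = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_startup_dir:
            if not line:
                continue                                   # tolerate the double spacing
            m = STARTUP_ITEM_RE.match(line)
            if m:
                findings.append(Finding(m["file"], ["item in the per-user Startup folder, runs at every logon"], line))
                continue
            in_startup_dir = False                         # anything else ends the listing
        if not line:
            continue
        if STARTUP_DIR_RE.search(line):
            in_startup_dir = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = _check_service(m)
            if reasons:
                findings.append(Finding(m["name"], reasons, line))
            continue
        m = IAT_RE.match(line)
        if m:
            reasons = _check_iat(m)
            if reasons:
                findings.append(Finding(m["api"].split("!")[-1], reasons, line))
    return findings


def report(text: str) -> str:
    return "\n".join(f"{f.item}: {'; '.join(f.reasons)}\n    {f.line}" for f in triage(text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the lines from this thread it reports fdb3bd89.sys (zero-byte image, random name), XDva224.sys (registered but no image found), zqosys32.exe in the Startup folder, and the two hooks on CreateProcessW / CreateProcessAsUserW in services.exe whose targets (00380000 / 00380002) are not followed by a module path in GMER's output. Those two hooks are the finding to chase: something redirected how services.exe spawns processes, which fits a services.exe that falls over shortly after boot, although the log alone does not prove the link. The random-name rule is deliberately noisy: the later ComboFix log lists 32210645.sys and 01281598.sys created within two minutes of the Virus Removal Tool folder, so correlate creation times with what the user installed before treating such a hit as hostile.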

Hello! Here's the situation:

 

I ran into problems installing Kaspersky. It couldn't install the .avz files and the installation had to be cancelled.

The GMER log is here:

 

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-06-11 10:03:43

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8AAF6B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8AAF574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8AAFA52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8AAF14C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8AAF64E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8AAF08C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8AAF0F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8AAF76E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8AAF72E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8AAF8AE]

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA83676D0]

 

---- Kernel code sections - GMER 1.0.15 ----

 

? C:\00002891.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

---- EOF - GMER 1.0.15 ----

 

Now the ComboFix one, after the GMER scan:

 

ComboFix 09-06-09.06 - WinXP 11/06/2009 10:04.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.2719 [GMT -3:00]

Running from: c:\fernando\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090610-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

(((((((((((((((( Files created from 2009-05-11 to 2009-06-11 ))))))))))))))))))))))))))))

.

 

2009-06-11 12:32 . 2008-07-08 17:54 148496 ----a-w- c:\windows\system32\drivers\32210645.sys

2009-06-11 12:31 . 2009-06-11 13:06 1103904 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-11 12:30 . 2009-06-11 12:32 -------- d-----w- c:\windows\LastGood

2009-06-11 12:30 . 2008-07-08 17:54 148496 ----a-w- c:\windows\system32\drivers\01281598.sys

2009-06-11 12:30 . 2009-06-11 12:31 -------- d-----w- c:\arquivos de programas\Virus Removal Tool

2009-06-10 21:49 . 2009-06-10 21:49 -------- d-----w- C:\rsit

2009-06-10 21:29 . 2009-06-10 21:29 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Malwarebytes

2009-06-10 21:29 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-10 21:29 . 2009-06-10 21:29 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-10 21:29 . 2009-06-10 21:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-10 21:29 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-09 22:03 . 2009-06-09 22:03 19808 ----a-w- c:\windows\system32\drivers\dup.sys

2009-06-09 21:01 . 2009-06-09 21:01 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll

2009-06-09 21:00 . 2009-06-09 21:00 -------- d-----w- c:\windows\ERUNT

2009-06-08 22:27 . 2009-06-08 22:27 376 ----a-w- c:\windows\mozregistry.dat

2009-06-08 22:27 . 2009-06-08 22:29 -------- d-----w- c:\arquivos de programas\hp deskjet 656c series

2009-06-08 22:27 . 2009-06-08 22:27 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-06-08 22:26 . 2008-04-13 14:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2009-06-08 22:26 . 2008-04-13 14:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-06-08 19:52 . 2009-06-08 21:47 -------- d-----w- c:\arquivos de programas\PhotoFiltre

2009-06-08 16:08 . 2009-06-08 16:33 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Audacity

2009-06-08 16:08 . 2009-06-08 16:08 -------- d-----w- c:\arquivos de programas\Audacity

2009-06-07 23:33 . 2009-06-09 00:55 -------- d-----w- C:\Eloi

2009-06-07 16:30 . 2009-06-07 16:33 34 ----a-w- c:\documents and settings\WinXP\jagex_runescape_preferences.dat

2009-06-07 16:29 . 2009-06-07 16:29 -------- d-----w- c:\windows\.jagex_cache_32

2009-06-07 16:29 . 2009-06-07 16:29 -------- d-----w- c:\windows\Sun

2009-06-07 12:19 . 2009-06-09 21:06 0 ----a-w- c:\windows\system32\drivers\fdb3bd89.sys

2009-06-07 02:38 . 2009-06-07 02:38 -------- d-----w- c:\arquivos de programas\AstroNest

2009-06-06 18:37 . 2009-06-06 18:37 -------- d-----w- C:\Gamemaxx

2009-06-06 02:21 . 2009-06-11 01:20 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\foobar2000

2009-06-06 02:12 . 2009-06-11 12:30 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Orbit

2009-06-06 02:12 . 2009-06-06 02:12 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Macrovision

2009-06-05 23:54 . 2002-01-05 10:48 974848 ------w- c:\windows\system32\mfc70.dll

2009-06-05 23:54 . 2002-01-05 10:10 57344 ------w- c:\windows\system32\mfc70enu.dll

2009-06-05 23:54 . 2002-01-05 09:37 344064 ------w- c:\windows\system32\msvcr70.dll

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia Shared

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\arquivos de programas\Macromedia

2009-06-05 23:14 . 2009-06-05 23:14 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\fretsonfire

2009-06-05 23:14 . 2009-06-05 23:15 -------- d-----w- c:\arquivos de programas\Frets on Fire

2009-06-05 21:44 . 2009-06-05 21:44 -------- d-----w- c:\arquivos de programas\Emule

2009-06-05 21:13 . 2009-06-08 23:21 -------- d-----w- C:\Fernando

2009-06-05 21:12 . 2009-06-05 21:12 -------- d-----w- c:\arquivos de programas\foobar2000

2009-06-05 21:01 . 2009-06-05 21:01 -------- d-----w- c:\windows\Logs

2009-06-05 21:01 . 2009-06-05 21:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-05 21:01 . 2009-06-05 21:01 22328 ----a-w- c:\documents and settings\WinXP\Dados de aplicativos\PnkBstrK.sys

2009-06-05 21:00 . 2009-06-05 21:01 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-05 21:00 . 2009-06-05 21:00 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-05 21:00 . 2009-06-05 21:00 2250024 ----a-w- c:\windows\system32\pbsvc.exe

2009-06-05 20:15 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2009-06-05 20:15 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-06-05 20:15 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2009-06-05 20:15 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2009-06-05 20:14 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-06-05 20:14 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-06-05 18:46 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-06-05 18:45 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-06-05 18:45 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-06-05 18:45 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-06-05 18:45 . 2009-02-09 10:53 731648 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-06-05 18:45 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-06-05 18:45 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-06-05 18:45 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-06-05 18:45 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-06-05 18:45 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-06-05 17:44 . 2009-06-05 17:44 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-05 14:54 . 2009-06-05 14:54 -------- d-----w- C:\Program Files

2009-06-05 14:54 . 2003-08-05 18:35 147441 ----a-w- c:\windows\system32\drivers\gwausb.sys

2009-06-05 14:54 . 2003-08-05 17:43 24576 ----a-w- c:\windows\system32\CoInst.dll

2009-06-05 14:54 . 2003-08-05 11:29 161251 ----a-w- c:\windows\system32\drivers\gtipdsp.bin

2009-06-05 14:51 . 2008-02-15 15:49 180224 ----a-r- c:\windows\system32\igfxres.dll

2009-06-05 14:49 . 2006-08-01 18:02 49152 ------r- c:\windows\system32\ChCfg.exe

2009-06-05 14:49 . 2008-03-05 21:07 520192 ------r- c:\windows\RtlExUpd.dll

2009-06-05 14:49 . 2009-06-05 14:49 -------- d-----w- c:\arquivos de programas\Realtek

2009-06-05 14:49 . 2009-06-05 14:49 -------- d-----w- c:\windows\OPTIONS

2009-06-05 14:49 . 2009-06-05 14:49 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\InstallShield

2009-06-05 14:48 . 2009-06-05 14:48 -------- d-----w- c:\arquivos de programas\Intel

2009-06-05 14:48 . 2007-12-12 18:56 53248 ----a-w- c:\windows\system32\CSVer.dll

2009-06-05 13:08 . 2008-04-02 12:27 1196032 ------r- c:\windows\RtlUpd.exe

2009-06-05 13:08 . 2005-05-03 21:43 69632 ------r- c:\windows\Alcmtr.exe

2009-06-05 13:08 . 2006-05-04 19:26 2808832 ------r- c:\windows\alcwzrd.exe

2009-06-05 13:07 . 2007-03-23 22:19 9715200 ------r- c:\windows\RTLCPL.exe

2009-06-05 13:07 . 2006-07-21 19:14 86016 ------r- c:\windows\SoundMan.exe

2009-06-05 13:07 . 2007-11-20 21:15 1826816 ------r- c:\windows\SkyTel.exe

2009-06-05 13:07 . 2007-06-28 19:44 2165760 ------r- c:\windows\MicCal.exe

2009-06-05 13:07 . 2008-05-28 17:52 16862720 ------r- c:\windows\RTHDCPL.exe

2009-06-05 13:07 . 2008-06-02 21:10 4752384 ------r- c:\windows\system32\drivers\RtkHDAud.sys

2009-06-05 13:05 . 2008-05-07 22:31 106368 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys

2009-06-05 13:03 . 2006-12-08 07:02 67072 ----a-r- c:\windows\system32\drivers\Rtlh86.sys

2009-06-05 12:30 . 2009-06-05 12:30 -------- d-----w- C:\Intel

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-11 12:31 . 2009-06-11 12:31 32 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-10 23:47 . 2007-12-24 13:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-07 02:38 . 2007-12-24 13:09 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-05 23:00 . 2007-12-24 13:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-06-05 21:03 . 2001-10-28 15:07 75012 ----a-w- c:\windows\system32\perfc016.dat

2009-06-05 21:03 . 2001-10-28 15:07 460368 ----a-w- c:\windows\system32\perfh016.dat

2009-06-05 20:20 . 2008-10-08 16:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-06-05 20:20 . 2008-10-08 16:51 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-05 17:47 . 2008-03-05 17:22 -------- d-----w- c:\arquivos de programas\CONEXANT

2009-06-05 17:43 . 2007-12-24 16:53 -------- d-----w- c:\arquivos de programas\Java

2009-06-05 17:43 . 2009-06-05 17:43 2232 ----a-w- c:\windows\java\Packages\Data\EETRR9R7.DAT

2009-06-05 17:43 . 2009-06-05 17:43 155995 ----a-w- c:\windows\java\Packages\3N3TZ1JB.ZIP

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\8B3H31RN.DAT

2009-06-05 17:43 . 2009-06-05 17:43 152576 ----a-w- c:\documents and settings\WinXP\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\OK6EGO2Z.DAT

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\D3R77X7J.DAT

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\CK671RRF.DAT

2009-06-05 17:43 . 2009-06-05 17:43 2678 ----a-w- c:\windows\java\Packages\Data\6WDBFJVF.DAT

2009-06-05 17:42 . 2009-06-05 17:41 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-06-05 17:41 . 2007-12-24 13:19 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-06-05 12:30 . 2007-12-24 13:16 -------- d-----w- c:\documents and settings\WinXP\Dados de aplicativos\Lavasoft

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:45 . 2004-08-04 03:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-02 13:21 . 2009-06-05 17:41 84480 ----a-w- c:\windows\system32\ff_vfw.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-06-10_18.37.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-11 12:12 . 2009-06-11 12:12 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat

+ 2009-06-11 12:18 . 2009-06-11 12:18 16384 c:\windows\temp\Perflib_Perfdata_534.dat

+ 2007-12-24 16:49 . 2008-07-09 07:34 18296 c:\windows\system32\spmsg.dll

- 2007-12-24 16:49 . 2007-11-30 08:39 18296 c:\windows\system32\spmsg.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\pngfilt.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\pngfilt.dll

+ 2007-08-13 20:54 . 2009-04-29 04:45 52224 c:\windows\system32\msfeedsbs.dll

- 2007-08-13 20:54 . 2009-02-20 17:11 52224 c:\windows\system32\msfeedsbs.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 27648 c:\windows\system32\jsproxy.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 27648 c:\windows\system32\jsproxy.dll

+ 2007-08-13 20:39 . 2009-04-28 09:08 13824 c:\windows\system32\ieudinit.exe

- 2007-08-13 20:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe

+ 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\iernonce.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\iernonce.dll

+ 2004-08-04 03:45 . 2009-04-28 09:08 70656 c:\windows\system32\ie4uinit.exe

- 2004-08-04 03:45 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe

+ 2007-08-13 20:36 . 2009-04-29 04:45 63488 c:\windows\system32\icardie.dll

- 2007-08-13 20:36 . 2009-02-20 17:11 63488 c:\windows\system32\icardie.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-03-30 11:54 . 2009-04-29 04:45 52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-03-30 11:54 . 2009-02-20 17:11 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 27648 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-03-30 11:54 . 2009-04-28 09:08 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2009-03-30 11:54 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\dllcache\iernonce.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-04 03:45 . 2009-04-28 09:08 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-04 03:45 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-03-30 11:54 . 2009-04-29 04:45 63488 c:\windows\system32\dllcache\icardie.dll

- 2009-03-30 11:54 . 2009-02-20 17:11 63488 c:\windows\system32\dllcache\icardie.dll

+ 2007-12-24 17:26 . 2009-06-11 01:23 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-06-11 01:21 . 2009-02-20 17:11 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll

+ 2009-06-11 01:21 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe

+ 2009-06-11 01:21 . 2009-02-20 17:11 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll

+ 2009-06-11 01:21 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe

+ 2009-06-11 01:21 . 2009-02-20 17:11 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll

+ 2001-10-28 15:06 . 2001-10-28 15:06 4224 c:\windows\system32\drivers\beep.sys

+ 2007-12-24 17:26 . 2009-06-11 01:23 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2004-08-04 03:45 . 2009-04-29 04:45 233472 c:\windows\system32\webcheck.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 233472 c:\windows\system32\webcheck.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 105984 c:\windows\system32\url.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 105984 c:\windows\system32\url.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 102912 c:\windows\system32\occache.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 102912 c:\windows\system32\occache.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 671232 c:\windows\system32\mstime.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 671232 c:\windows\system32\mstime.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 193024 c:\windows\system32\msrating.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 193024 c:\windows\system32\msrating.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 477696 c:\windows\system32\mshtmled.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 477696 c:\windows\system32\mshtmled.dll

- 2007-08-13 20:54 . 2009-02-20 17:11 459264 c:\windows\system32\msfeeds.dll

+ 2007-08-13 20:54 . 2009-04-29 04:45 459264 c:\windows\system32\msfeeds.dll

- 2007-08-13 20:34 . 2009-02-20 17:11 268288 c:\windows\system32\iertutil.dll

+ 2007-08-13 20:34 . 2009-04-29 04:45 268288 c:\windows\system32\iertutil.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 385024 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 385024 c:\windows\system32\iedkcs32.dll

- 2007-07-11 14:27 . 2009-02-20 17:11 383488 c:\windows\system32\ieapfltr.dll

+ 2007-07-11 14:27 . 2009-04-29 04:45 383488 c:\windows\system32\ieapfltr.dll

- 2001-10-28 15:06 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll

+ 2001-10-28 15:06 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 230400 c:\windows\system32\ieaksie.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 230400 c:\windows\system32\ieaksie.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 153088 c:\windows\system32\ieakeng.dll

+ 2007-12-24 10:21 . 2009-06-11 11:45 252680 c:\windows\system32\FNTCACHE.DAT

- 2007-12-24 10:21 . 2009-06-07 11:52 252680 c:\windows\system32\FNTCACHE.DAT

- 2004-08-04 03:45 . 2009-02-20 17:11 133120 c:\windows\system32\extmgr.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 133120 c:\windows\system32\extmgr.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 347136 c:\windows\system32\dxtmsft.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 347136 c:\windows\system32\dxtmsft.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 827392 c:\windows\system32\dllcache\wininet.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 233472 c:\windows\system32\dllcache\webcheck.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 105984 c:\windows\system32\dllcache\url.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 105984 c:\windows\system32\dllcache\url.dll

+ 2009-04-15 14:53 . 2009-04-15 14:53 585216 c:\windows\system32\dllcache\rpcrt4.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 102912 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 102912 c:\windows\system32\dllcache\occache.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 671232 c:\windows\system32\dllcache\mstime.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 671232 c:\windows\system32\dllcache\mstime.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 193024 c:\windows\system32\dllcache\msrating.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 193024 c:\windows\system32\dllcache\msrating.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-03-30 11:54 . 2009-04-29 04:45 459264 c:\windows\system32\dllcache\msfeeds.dll

- 2009-03-30 11:54 . 2009-02-20 17:11 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-05-07 15:33 . 2009-05-07 15:33 347136 c:\windows\system32\dllcache\localspl.dll

+ 2007-12-24 12:29 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe

- 2009-03-30 11:54 . 2009-02-20 17:11 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2009-03-30 11:54 . 2009-04-29 04:45 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 385024 c:\windows\system32\dllcache\iedkcs32.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-30 11:54 . 2009-04-29 04:45 383488 c:\windows\system32\dllcache\ieapfltr.dll

- 2009-03-30 11:54 . 2009-02-20 17:11 383488 c:\windows\system32\dllcache\ieapfltr.dll

+ 2001-10-28 15:06 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll

- 2001-10-28 15:06 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 153088 c:\windows\system32\dllcache\ieakeng.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 133120 c:\windows\system32\dllcache\extmgr.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 133120 c:\windows\system32\dllcache\extmgr.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 124928 c:\windows\system32\dllcache\advpack.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 124928 c:\windows\system32\dllcache\advpack.dll

- 2004-08-04 03:45 . 2009-02-20 17:11 124928 c:\windows\system32\advpack.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 124928 c:\windows\system32\advpack.dll

+ 2009-06-11 12:32 . 2008-07-08 17:54 148496 c:\windows\LastGood\system32\DRIVERS\32210645.sys

+ 2009-06-11 12:30 . 2008-07-08 17:54 148496 c:\windows\LastGood\system32\DRIVERS\01281598.sys

+ 2007-12-24 17:26 . 2009-06-11 01:23 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2007-12-24 17:26 . 2009-06-11 01:23 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2007-12-24 17:26 . 2009-06-05 18:55 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2009-06-11 01:21 . 2009-03-03 00:06 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 105984 c:\windows\ie7updates\KB969897-IE7\url.dll

+ 2009-06-11 01:21 . 2008-07-09 07:35 395128 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll

+ 2009-06-11 01:21 . 2008-07-09 07:34 233336 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe

+ 2009-06-11 01:21 . 2009-02-20 17:11 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll

+ 2009-06-11 01:21 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe

+ 2009-06-11 01:21 . 2009-02-20 17:11 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll

+ 2009-06-11 01:21 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 1159680 c:\windows\system32\urlmon.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 3596288 c:\windows\system32\mshtml.dll

+ 2007-08-13 20:54 . 2009-04-29 04:45 6066176 c:\windows\system32\ieframe.dll

- 2007-08-13 20:54 . 2009-02-20 17:11 6066176 c:\windows\system32\ieframe.dll

+ 2009-02-09 14:06 . 2009-04-19 19:50 1847296 c:\windows\system32\dllcache\win32k.sys

+ 2004-08-04 03:45 . 2009-04-29 04:45 1159680 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 03:45 . 2009-04-29 04:45 3596288 c:\windows\system32\dllcache\mshtml.dll

- 2009-03-30 11:54 . 2009-02-20 17:11 6066176 c:\windows\system32\dllcache\ieframe.dll

+ 2009-03-30 11:54 . 2009-04-29 04:45 6066176 c:\windows\system32\dllcache\ieframe.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll

+ 2009-06-11 01:21 . 2009-02-20 17:11 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll

+ 2009-06-11 01:21 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat

+ 2007-12-24 16:54 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Google Update"="c:\documents and settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"DSLSTATEXE"="c:\program files\DSLink 180U\Adsl\dslstat.exe" [2003-08-05 299008]

"DSLAGENTEXE"="c:\program files\DSLink 180U\Adsl\dslagent.exe" [2003-08-05 16384]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-28 16862720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Emule\\eMule0.49b-Mephisto_v2.1-bin\\emule.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Gamemaxx\\Cabal Online\\launcher\\update\\ESTdnheadless.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/3/2009 10:11 114768]

R1 is-81O76drv;is-81O76drv;c:\windows\system32\drivers\32210645.sys [11/6/2009 09:32 148496]

R1 is-IJC2Hdrv;is-IJC2Hdrv;c:\windows\system32\drivers\01281598.sys [11/6/2009 09:30 148496]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/3/2009 10:11 20560]

S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [9/6/2009 19:03 19808]

S1 fdb3bd89;fdb3bd89;c:\windows\system32\drivers\fdb3bd89.sys [7/6/2009 09:19 0]

S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - 000005BB

*NewlyCreated* - IS-81O76DRV

*NewlyCreated* - IS-IJC2HDRV

*NewlyCreated* - NNKAGAAJ

*Deregistered* - 000005BB

*Deregistered* - nnkagaaj

*Deregistered* - uphcleanhlp

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com.br/

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-11 10:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(356)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-06-11 10:07

ComboFix-quarantined-files.txt 2009-06-11 13:07

ComboFix2.txt 2009-06-10 23:44

ComboFix3.txt 2009-06-10 18:39

 

Pré-execução: 14 pasta(s) 138.140.880.896 bytes disponíveis

Pós execução: 13 pasta(s) 138.124.632.064 bytes disponíveis

 

400 --- E O F --- 2009-06-11 01:23

 

The excessive identical e-mail messages persist.


Please follow my steps in order.

Step 1.

Configure Windows to show all hidden files.

Go to the VirusTotal site and submit the file highlighted below.

c:\windows\system32\drivers\fdb3bd89.sys

Post the results.

Step 2.

Download BankerFix by clicking the link below:

http://www.linhadefensiva.org/dl/bankerfix

- Save the tool to your hard drive.

- Double-click bankerfix.exe.

- A window will ask you to confirm the installation of the tool. Click Yes.

- Close all windows and programs except BankerFix.

- Now just wait for BankerFix to finish running.

- The tool's report, listing all files detected and removed, is saved in the file relatorio.txt in the folder C:\LinhaDefensiva; post it in your next reply together with the HijackThis log.

Step 3.

Using the Internet Explorer browser, go to the Kaspersky Online Scanner and run an online scan following the tutorial below.

Kaspersky Online Scanner Tutorial

When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.

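As an added example (not code from this thread, from ComboFix or from Linha Defensiva), here is a small Python triage script that parses the R1/S1/S3 driver block of the ComboFix log posted above and applies the kind of checks a helper uses to pick a file such as fdb3bd89.sys for a second look: a driver reported at zero bytes, an image path ComboFix could not find (`[?]`), and an eight-hex-digit file name that no vendor would ship. The sample lines are copied from the log in this thread; the three heuristics and all function names are this example's own assumptions, not ComboFix rules.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the driver/service block from the ComboFix log
# posted earlier in this thread (the R1/S1/S3 lines), copied verbatim.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/3/2009 10:11 114768]
R1 is-81O76drv;is-81O76drv;c:\windows\system32\drivers\32210645.sys [11/6/2009 09:32 148496]
R1 is-IJC2Hdrv;is-IJC2Hdrv;c:\windows\system32\drivers\01281598.sys [11/6/2009 09:30 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/3/2009 10:11 20560]
S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [9/6/2009 19:03 19808]
S1 fdb3bd89;fdb3bd89;c:\windows\system32\drivers\fdb3bd89.sys [7/6/2009 09:19 0]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
"""

# One entry looks like "R1 name;display;path [d/m/yyyy hh:mm size]", or ends
# in "[?]" when ComboFix could not stat the image file.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# Heuristic (assumption of this example): eight hex digits as a driver name.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class DriverEntry:
    state: str            # R = running, S = stopped; the digit is the start type
    name: str             # service key name
    path: str             # image path as ComboFix resolved it
    size: Optional[int]   # None when ComboFix printed "[?]" (file not found)
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_entry(line: str) -> Optional[DriverEntry]:
    """Parse one ComboFix service/driver line; None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("rest")
    # "\??\c:\...\x.sys --> c:\...\x.sys": keep the resolved path on the right.
    if "-->" in path:
        path = path.split("-->")[-1].strip()
    meta = m.group("meta").strip()
    size = None if meta == "?" else int(meta.split()[-1])
    return DriverEntry(m.group("state"), m.group("name"), path, size)


def triage(entry: DriverEntry) -> DriverEntry:
    """Attach the reasons a helper would use to single out this driver."""
    base = entry.path.rsplit("\\", 1)[-1].lower()
    stem = base[:-4] if base.endswith(".sys") else base
    if entry.size is None:
        entry.reasons.append("image file not found on disk")
    elif entry.size == 0:
        entry.reasons.append("zero-byte driver file (nothing left to submit for scanning)")
    if HEX_NAME_RE.match(stem):
        entry.reasons.append("eight-hex-digit file name, not a vendor-style name")
    return entry


def triage_log(text: str) -> List[DriverEntry]:
    """Parse every driver line in a ComboFix log and run the checks on each."""
    entries = [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]
    return [triage(e) for e in entries]


def flagged(text: str) -> List[DriverEntry]:
    """Only the entries that tripped at least one check."""
    return [e for e in triage_log(text) if e.suspicious]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.state} {e.name}: {e.path} -> {'; '.join(e.reasons)}")
```

On the sample block the script singles out fdb3bd89.sys (zero bytes, hex name), XDva224.sys (file missing) and the two hex-named Inno-style drivers as worth verifying; a zero-byte result matches the empty-file reply the user later got from VirusTotal.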

Hello PedroN.

Here is the result of the file scan:

0 bytes size received / Se ha recibido un archivo vacio

and the BankerFix log:

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-06-11 - 14:16

-------------------------------------------------------

Lista de Definição: 2009-05-04-2 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- Fim -------------------------

 

 

Updated HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:37:47, on 11/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DSLink 180U\Adsl\dslstat.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\DSLink 180U\Adsl\dslagent.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Gamemaxx\Cabal Online\update.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Fernando\Downloads\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\DSLink 180U\Adsl\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\DSLink 180U\Adsl\dslagent.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\WinXP\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C19403E2-D262-41CC-A59C-FFBC12834A5D}: NameServer = 201.10.120.2 201.10.1.3

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 7152 bytes

 

I couldn't get the Kaspersky scan to run because of an error: "program has failed to start. ERROR: java.lang.NullPointerException."

The e-mail messages persist.


Try the scan with Nod32 Online.

See the tutorial link here

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\EsetOnlineScanner\log

Post it in your reply.


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
