Renato Pennafort

My explorer is compromised by xfire32


I have a problem: my PC got infected. Now every time I start the PC it gives an error in explorer and asks to be closed, and also when I plug in a pendrive it keeps detecting a worm over and over and doesn't delete it. I believe this is the fault of this xfire32.

The log created by RSIT is this one, and further down is the one created by GMER.exe.

Logfile of random's system information tool 1.04 (written by random/random)

Run by Laércio at 2008-11-20 09:28:59

Microsoft Windows XP Professional Service Pack 2

System drive C: has 19 GB (38%) free of 50 GB

Total RAM: 502 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-20 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-02-20 185896]

"Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\System32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2008-11-18 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe [2004-11-01 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\System32\igfxtray.exe [2004-11-01 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-02-20 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

C:\ARQUIV~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2

"wuauserv"=3

"W32Time"=2

"odserv"=3

"ImapiService"=3

"usnjsvc"=3

"avast! Web Scanner"=3

"avast! Mail Scanner"=3

"avast! Antivirus"=2

"aswUpdSv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2004-11-01 348160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"

"C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

"C:\WINDOWS\system32\xfire32.exe"="C:\WINDOWS\system32\xfire32.exe:*:Disabled:xfire32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5cb5ad-0631-11dd-b69e-001558b37ac9}]

shell\AutoRun\command - ylr.exe

shell\explore\command - ylr.exe

shell\open\command - ylr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5cb5af-0631-11dd-b69e-001558b37ac9}]

shell\AutoRun\command - aub0wb8.cmd

shell\explore\command - aub0wb8.cmd

shell\open\command - aub0wb8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98e3c8ad-411c-11dd-b6e1-001558b37ac9}]

shell\Auto\command - auto.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

shell\explore\command - jfvkcsy.bat

shell\open\command - jfvkcsy.bat

======File associations======

.js - open - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-11-20 09:29:00 ----D---- C:\Arquivos de programas\trend micro

2008-11-20 09:28:59 ----D---- C:\rsit

2008-11-20 09:21:46 ----A---- C:\WINDOWS\gmer.ini

2008-11-20 09:21:44 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-20 09:21:44 ----A---- C:\WINDOWS\gmer.exe

2008-11-20 09:21:44 ----A---- C:\WINDOWS\gmer.dll

2008-11-20 08:55:12 ----D---- C:\WINDOWS\LastGood

2008-11-20 08:38:59 ----A---- C:\ComboFix.txt

2008-11-20 08:34:51 ----A---- C:\Boot.bak

2008-11-20 08:34:44 ----RASHD---- C:\cmdcons

2008-11-20 08:33:27 ----A---- C:\WINDOWS\zip.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\VFIND.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\SWSC.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\SWREG.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\sed.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\NIRCMD.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\grep.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\fdsv.exe

2008-11-20 08:33:21 ----D---- C:\WINDOWS\ERDNT

2008-11-20 08:33:20 ----D---- C:\Qoobox

2008-11-19 11:53:24 ----D---- C:\My Downloads

2008-11-19 11:53:21 ----RSH---- C:\WINDOWS\system32\xfire32.exe

2008-11-19 11:53:20 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-11-19 11:21:23 ----A---- C:\WINDOWS\avisplitter.INI

2008-11-19 08:56:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-11-19 08:56:25 ----D---- C:\Arquivos de programas\Lavasoft

2008-11-19 08:55:14 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-07 11:52:53 ----D---- C:\Documents and Settings\Laércio\Dados de aplicativos\CyberLink

======List of files/folders modified in the last 1 months======

2008-11-20 09:29:00 ----RD---- C:\Arquivos de programas

2008-11-20 09:21:54 ----D---- C:\WINDOWS\Prefetch

2008-11-20 09:21:46 ----D---- C:\WINDOWS

2008-11-20 09:21:44 ----D---- C:\WINDOWS\system32\drivers

2008-11-20 09:19:10 ----HD---- C:\WINDOWS\inf

2008-11-20 09:17:23 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-20 09:14:43 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-20 09:02:11 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-20 08:56:36 ----SHD---- C:\WINDOWS\Installer

2008-11-20 08:56:36 ----SHD---- C:\Config.Msi

2008-11-20 08:56:35 ----D---- C:\WINDOWS\Temp

2008-11-20 08:56:35 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-20 08:47:06 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-20 08:39:02 ----D---- C:\WINDOWS\system32

2008-11-20 08:37:26 ----A---- C:\WINDOWS\system.ini

2008-11-20 08:36:39 ----D---- C:\WINDOWS\AppPatch

2008-11-20 08:36:39 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-20 08:34:51 ----RASH---- C:\boot.ini

2008-11-20 08:31:23 ----A---- C:\WINDOWS\win.ini

2008-11-19 11:20:47 ----D---- C:\Documents and Settings\Laércio\Dados de aplicativos\uTorrent

2008-11-19 09:15:34 ----D---- C:\Arquivos de programas\eclipse

2008-11-19 08:53:09 ----SHD---- C:\System Volume Information

2008-11-18 10:14:00 ----A---- C:\WINDOWS\hpbafd.ini

2008-11-18 08:39:59 ----D---- C:\Documents and Settings\Laércio\Dados de aplicativos\Mozilla

2008-11-18 08:39:34 ----SD---- C:\WINDOWS\Tasks

2008-11-12 10:47:50 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40192]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-28 63232]

R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-28 55936]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-03-01 3959360]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-11-01 773565]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]

R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-08-03 404990]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S2 Proteq;Proteq; C:\WINDOWS\system32\drivers\Proteq.sys []

S3 aw59mfy1;aw59mfy1; C:\WINDOWS\system32\drivers\aw59mfy1.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-20 85969]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]

S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-08-03 95424]

S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-11-19 611664]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2004-02-23 65536]

R2 NwSapAgent;Agente SAP; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-08-04 73796]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2004-02-23 1515599]

S3 DB2NTSECSERVER;Servidor de Segurança do DB2; C:\Arquivos de programas\IBM\SQLLIB\BIN\db2sec.exe [2004-02-21 29816]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-06-21 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

S4 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S4 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

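A triage pass over the RSIT output above, as an added example that is not part of the original post and not code from RSIT. It parses three things the log already shows (the Run keys, the mountpoints2 entries, and the "created in the last month" list) and flags two patterns: a mountpoints2 command that names a bare file, which Windows resolves against the root of the inserted volume, or goes through the rundll32 ShellExec_RunDLL launcher, which is the shape of an autorun.inf dropped by a USB worm; and a Run value pointing into system32 at a file that only appeared this month with the hidden or system attribute. The sample input is a constructed excerpt of lines from the log in the post; the function names, regexes and both rules are the example's own heuristics, not RSIT's.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of lines copied from the RSIT log posted above
# (two Run keys, two mountpoints2 entries, part of the created-files list).
SAMPLE_RSIT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5cb5ad-0631-11dd-b69e-001558b37ac9}]
shell\AutoRun\command - ylr.exe
shell\open\command - ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98e3c8ad-411c-11dd-b6e1-001558b37ac9}]
shell\Auto\command - auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
shell\open\command - jfvkcsy.bat
======List of files/folders created in the last 1 months======
2008-11-20 08:33:27 ----A---- C:\WINDOWS\grep.exe
2008-11-19 11:53:21 ----RSH---- C:\WINDOWS\system32\xfire32.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?) \[\d{4}-\d{2}-\d{2} \d+\]$')
MOUNTPOINT_RE = re.compile(r"\\mountpoints2\\\{(?P<guid>[0-9a-f-]+)\}$", re.IGNORECASE)
VERB_RE = re.compile(r"^shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -+(?P<attrs>[A-Z]*)-+ (?P<path>.+)$")


def parse_rsit(text):
    """Pull Run values, mountpoints2 autorun verbs and the created-files list
    out of an RSIT log. Returns (run_entries, mountpoints, created)."""
    run_entries = []                  # (registry key, value name, path)
    mountpoints = defaultdict(dict)   # volume GUID -> {verb: command}
    created = {}                      # lower-cased path -> attribute letters
    key, in_created = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======"):                 # RSIT section header
            in_created = line.startswith("======List of files/folders created")
            key = None
            continue
        if in_created:
            m = CREATED_RE.match(line)
            if m:
                created[m["path"].lower()] = m["attrs"]
            continue
        m = KEY_RE.match(line)
        if m:
            key = m[1]
            continue
        if key is None:
            continue
        if key.lower().endswith(r"\currentversion\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                run_entries.append((key, m["name"], m["path"]))
        else:
            mp, v = MOUNTPOINT_RE.search(key), VERB_RE.match(line)
            if mp and v:
                mountpoints[mp["guid"].lower()][v["verb"].lower()] = v["cmd"]
    return run_entries, dict(mountpoints), created


def triage_autorun(mountpoints):
    """Flag mountpoints2 commands that name a bare file (resolved against the
    root of the inserted volume) or go through the rundll32 ShellExec_RunDLL
    launcher: both are the shape of an autorun.inf written by a USB worm."""
    findings = []
    for guid, verbs in mountpoints.items():
        for verb, cmd in verbs.items():
            bare_file = ":\\" not in cmd.split()[0]   # no drive letter at all
            via_rundll = "shellexec_rundll" in cmd.lower()
            if bare_file or via_rundll:
                findings.append((guid, verb, cmd))
    return findings


def triage_run(run_entries, created):
    """Flag Run values pointing into system32 at a file that only appeared in
    the created-files list this month with the hidden or system attribute.
    ctfmon.exe is an old, unhidden system file and is not in that list."""
    findings = []
    for _key, name, path in run_entries:
        attrs = created.get(path.lower(), "")
        if "\\system32\\" in path.lower() and ("H" in attrs or "S" in attrs):
            findings.append((name, path, attrs))
    return findings


def triage(text):
    run_entries, mountpoints, created = parse_rsit(text)
    return {"autorun": triage_autorun(mountpoints),
            "run": triage_run(run_entries, created)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_RSIT).items():
        for item in items:
            print(kind, *item)
```

Anything this flags still has to be hashed and identified before it is "fixed"; the rules only order the work. One detail from the log itself is worth carrying into that step: the Run entry shows xfire32.exe with a bracketed file date of 2007-06-13, while the created-files list has it appearing on 2008-11-19, so the file's own timestamp predates its arrival on this disk by well over a year.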
Topic author

    GMER 1.0.14.14536 - http://www.gmer.net

    Rootkit scan 2008-11-20 09:28:26

    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.14 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE626618]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE6264D4]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE6269B2]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE6260AC]

    SSDT sptd.sys ZwEnumerateKey [0xF828FFB2]

    SSDT sptd.sys ZwEnumerateValueKey [0xF8290340]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE6265AE]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE625FEC]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE626050]

    SSDT sptd.sys ZwQueryKey [0xF8290418]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE6266CE]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE62668E]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE62680E]

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C30 805039E4 2 Bytes [ D4, 64 ]

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C90 80503A44 2 Bytes [ B2, 69 ]

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80503B1C 2 Bytes [ AE, 65 ]

    .text ntkrnlpa.exe!ZwCallbackReturn + 2E50 80503C04 2 Bytes [ CE, 66 ]

    .text ntkrnlpa.exe!ZwCallbackReturn + 2EBC 80503C70 2 Bytes [ 8E, 66 ]

    .text ...

    ? C:\WINDOWS\system32\drivers\sptd.sys The file is already being used by another process.

    .text USBPORT.SYS!DllUnload F7F6B62C 5 Bytes JMP 821CA1C8

    ? System32\Drivers\aw59mfy1.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[256] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F828AAD4] sptd.sys

    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F828AC1A] sptd.sys

    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F828AB9C] sptd.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F828B748] sptd.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F828B61E] sptd.sys

    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F82A029A] sptd.sys

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

    IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00BA08E0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00BA05D0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B990C0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B9A600

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00B9D770

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B9B350

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B9A930

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00B9CAB0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00B9FAB0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00B9FAF0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00BA0C30

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00B9F6A0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00B9D6D0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00B9BE70

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B9B000

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00B9B8F0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00BA11B0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00B9CE00

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00B9D530

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00B9E160

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00B9DC40

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00B9E0E0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00B9EC00

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00B9E2D0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B9ACB0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00B9BD20

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00B9FBD0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00B9DD80

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00B9D670

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00B9D230

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00B9D880

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00BA0C50

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00B9DB80

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 00BA0EF0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 00BA0E90

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 00BA10E0

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 00BA1180

    IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 00BA0FB0

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 823661E8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBPDO-0 821151E8

    Device \Driver\dmio \Device\DmControl\DmIoDaemon 823D91E8

    Device \Driver\dmio \Device\DmControl\DmConfig 823D91E8

    Device \Driver\dmio \Device\DmControl\DmPnP 823D91E8

    Device \Driver\dmio \Device\DmControl\DmInfo 823D91E8

    Device \Driver\usbuhci \Device\USBPDO-1 821151E8

    Device \Driver\usbuhci \Device\USBPDO-2 821151E8

    Device \Driver\usbuhci \Device\USBPDO-3 821151E8

    Device \Driver\PCI_NTPNP0732 \Device\00000054 sptd.sys

    Device \Driver\usbehci \Device\USBPDO-4 820FE1E8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 823681E8

    Device \Driver\Ftdisk \Device\HarddiskVolume2 823681E8

    Device \Driver\Cdrom \Device\CdRom0 820E61E8

    Device \Driver\Cdrom \Device\CdRom1 820E61E8

    Device \Driver\atapi \Device\Ide\IdePort0 823671E8

    Device \Driver\atapi \Device\Ide\IdePort1 823671E8

    Device \Driver\atapi \Device\Ide\IdePort2 823671E8

    Device \Driver\atapi \Device\Ide\IdePort3 823671E8

    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 823671E8

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 823671E8

    Device \Driver\Cdrom \Device\CdRom2 820E61E8

    Device \Driver\NetBT \Device\NetBt_Wins_Export 81E9D790

    Device \Driver\NetBT \Device\NetbiosSmb 81E9D790

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBFDO-0 821151E8

    Device \Driver\usbuhci \Device\USBFDO-1 821151E8

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81E411E8

    Device \Driver\usbuhci \Device\USBFDO-2 821151E8

    Device \FileSystem\MRxSmb \Device\LanmanRedirector 81E411E8

    Device \Driver\usbuhci \Device\USBFDO-3 821151E8

    Device \Driver\usbehci \Device\USBFDO-4 820FE1E8

    Device \Driver\Ftdisk \Device\FtControl 823681E8

    Device \Driver\aw59mfy1 \Device\Scsi\aw59mfy11Port4Path0Target0Lun0 820E21E8

    Device \Driver\aw59mfy1 \Device\Scsi\aw59mfy11 820E21E8

    Device \Driver\aw59mfy1 \Device\Scsi\aw59mfy11Port4Path0Target1Lun0 820E21E8

    Device \FileSystem\Cdfs \Cdfs 81E341E8

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x00 0x8D 0x32 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x4C 0x3A 0xFA ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA0 0x83 0x6E ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x59 0x3E 0xD3 0x13 ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x00 0x8D 0x32 ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x4C 0x3A 0xFA ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA0 0x83 0x6E ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x59 0x3E 0xD3 0x13 ...

    ---- EOF - GMER 1.0.14 ----

Topic author

I have 4 more compromised computers...

Do I have to post their logs too?

The next one is as follows:

    GMER 1.0.14.14536 - http://www.gmer.net

    Rootkit scan 2008-11-20 10:21:42

    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.14 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB7310618]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB73104D4]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB73109B2]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB73100AC]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB73105AE]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB730FFEC]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB7310050]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB73106CE]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB731068E]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB731080E]

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

    IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B990C0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B9A600

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00B9D770

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B9B350

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B9A930

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00B9FAB0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00B9FAF0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00BA0C30

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00B9F6A0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00B9D6D0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00B9BE70

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B9B000

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00B9B8F0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00BA11B0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00B9CE00

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00B9D530

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00B9E160

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00B9DC40

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00B9E0E0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00B9EC00

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00B9E2D0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B9ACB0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00B9BD20

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00B9FBD0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00B9DD80

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00B9D670

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00B9D230

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00B9D880

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00BA0C50

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00B9DB80

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00B9CAB0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00BA0EF0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00BA0E90

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00BA10E0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00BA1180

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00BA0FB0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00BA08E0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00BA05D0

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.14 ----

    Logfile of random's system information tool 1.04 (written by random/random)

    Run by Administrador at 2008-11-20 10:21:53

    Microsoft Windows XP Professional Service Pack 2

    System drive C: has 231 GB (97%) free of 238 GB

    Total RAM: 2047 MB (82% free)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:22:05, on 20/11/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\xfire32.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\xfire32.exe

    C:\WINDOWS\system32\dwwin.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\EloSrvce.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\EloDkMon.exe

    C:\WINDOWS\system32\EloTTray.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Administrador\Desktop\RSIT.exe

    C:\Arquivos de programas\trend micro\Administrador.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Proyecto1] C:\WINDOWS\smms.exe

    O4 - HKLM\..\Run: [Xfire32] xfire32.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\RunServices: [Xfire32] xfire32.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O17 - HKLM\System\CCS\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

    O17 - HKLM\System\CS1\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

    O17 - HKLM\System\CS2\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: EloSystemService - Elo Touchsystems - C:\WINDOWS\system32\EloSrvce.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --

    End of file - 5817 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

    Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

    Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

    "Proyecto1"=C:\WINDOWS\smms.exe []

    "Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]

    "avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

    C:\ARQUIV~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

    "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

    "C:\WINDOWS\system32\xfire32.exe"="C:\WINDOWS\system32\xfire32.exe:*:Disabled:xfire32"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f32ede1-9537-11dd-8b1f-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38135741-946a-11dd-8b1d-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b256426-9b80-11dd-8b2b-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e55e629-7ffb-11dd-8af5-001d7d8b7aad}]

    shell\AutoRun\command - wscript.exe .\.vbs

    shell\open\command - wscript.exe .\.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74834629-b4a7-11dd-8b4e-001d7d8b7aad}]

    shell\AutoRun\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

    shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e78-80d8-11dd-8afe-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e79-80d8-11dd-8afe-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b08df9-8968-11dd-8b07-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    ======List of files/folders created in the last 1 months======

    2008-11-20 10:21:53 ----D---- C:\rsit

    2008-11-20 10:21:53 ----D---- C:\Arquivos de programas\trend micro

    2008-11-20 10:17:20 ----A---- C:\WINDOWS\gmer.ini

    2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer_uninstall.cmd

    2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.exe

    2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.dll

    2008-11-19 11:40:37 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Help

    2008-11-19 11:35:19 ----D---- C:\Arquivos de programas\Random Number Generator Pro

    2008-11-19 10:04:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

    2008-11-19 09:18:09 ----D---- C:\Arquivos de programas\Lavasoft

    2008-11-19 09:18:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

    2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2008-11-19 09:10:58 ----D---- C:\WINDOWS\pss

    2008-11-13 13:25:25 ----A---- C:\WINDOWS\ntbtlog.txt

    2008-11-13 13:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

    2008-11-13 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

    2008-11-13 12:20:37 ----D---- C:\My Downloads

    2008-11-13 12:20:36 ----RSH---- C:\WINDOWS\system32\xfire32.exe

    2008-11-13 12:20:36 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-10-29 18:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

    ======List of files/folders modified in the last 1 months======

    2008-11-20 10:22:04 ----D---- C:\Temp

    2008-11-20 10:21:53 ----D---- C:\Arquivos de programas

    2008-11-20 10:17:20 ----D---- C:\WINDOWS

    2008-11-20 10:17:19 ----D---- C:\WINDOWS\system32\drivers

    2008-11-20 10:16:44 ----D---- C:\WINDOWS\Prefetch

    2008-11-20 10:02:50 ----D---- C:\WINDOWS\Temp

    2008-11-19 15:23:57 ----A---- C:\WINDOWS\SchedLgU.Txt

    2008-11-19 10:04:41 ----D---- C:\WINDOWS\system32

    2008-11-19 10:01:33 ----D---- C:\WINDOWS\system32\CatRoot2

    2008-11-19 09:19:35 ----SHD---- C:\WINDOWS\Installer

    2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns

    2008-11-19 09:17:20 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2008-11-19 09:14:11 ----D---- C:\WINDOWS\system32\CatRoot

    2008-11-19 09:12:15 ----HD---- C:\WINDOWS\inf

    2008-11-19 09:12:15 ----D---- C:\WINDOWS\Help

    2008-11-19 09:11:49 ----SH---- C:\boot.ini

    2008-11-19 09:11:49 ----A---- C:\WINDOWS\win.ini

    2008-11-19 09:11:49 ----A---- C:\WINDOWS\system.ini

    2008-11-13 13:23:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2008-11-13 13:21:58 ----D---- C:\WINDOWS\$hf_mig$

    2008-11-13 13:21:56 ----A---- C:\WINDOWS\imsins.BAK

    2008-11-13 12:20:37 ----D---- C:\Program Files

    2008-11-03 21:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

    2008-10-21 09:02:44 ----D---- C:\Arquivos de programas\ESET

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

    R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2008-09-12 3026]

    R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]

    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

    R3 EloBus;Elobus Filter Driver; C:\WINDOWS\system32\DRIVERS\EloBus.sys [2007-05-04 14336]

    R3 EloSer;Elo Serial Driver; C:\WINDOWS\system32\DRIVERS\EloSer.sys [2007-05-03 108672]

    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]

    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]

    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-20 85969]

    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-11-19 611664]

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

    R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

    R2 EloSystemService;EloSystemService; C:\WINDOWS\system32\EloSrvce.exe [2007-05-03 45056]

    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]

    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

    R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

    S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Goog

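The HijackThis and RSIT sections above contain the entries a log analyst looks at first: Run values that name a bare filename instead of a full path, a RunServices value (a Windows 9x key that NT-based Windows ignores, so on XP it is usually written blindly by a dropper), an RSIT Run entry printed with empty brackets because no file date or size could be read, MountPoints2 shell\AutoRun and shell\open commands left behind by removable-drive autorun.inf files, and a Read-only+System+Hidden .exe created in system32. The script below is an added example written for this page; it is not code from the poster or from the forum team, and its rule names and thresholds are my own heuristics, not a verdict on these machines. The sample lines are copied in shape from the logs posted above, with two benign entries (NvCplDaemon and aswBoot.exe) kept as controls; a real run would read the pasted log from a file instead.

```python
"""Triage heuristics for HijackThis / RSIT log lines (added example, not part of the post)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


# Constructed sample: lines in the shape of the HijackThis (O4) and RSIT
# (registry dump / file list) output above, plus two benign lines as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Proyecto1] C:\WINDOWS\smms.exe
O4 - HKLM\..\Run: [Xfire32] xfire32.exe
O4 - HKLM\..\RunServices: [Xfire32] xfire32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"Proyecto1"=C:\WINDOWS\smms.exe []
"Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe
2008-11-13 12:20:36 ----RSH---- C:\WINDOWS\system32\xfire32.exe
2008-11-19 10:04:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RSIT_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?) \[(?P<info>[^\]]*)\]$')
MOUNT_RE = re.compile(r"^shell\\(?P<verb>AutoRun|open)\\command - (?P<cmd>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ----(?P<attrs>[A-Z]*)---- (?P<path>.*)$")
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)
LOADERS = {"rundll32.exe", "rundll32"}  # look through rundll32 to the DLL it loads


def check_o4(line: str):
    """Run/RunServices: a bare filename is resolved through the search path (it lands
    on whatever sits in system32); RunServices is a Win9x key ignored by NT Windows."""
    m = O4_RE.match(line)
    if not m:
        return None
    tokens = m["cmd"].split()
    if not tokens:
        return None
    if m["key"].lower() == "runservices":
        return Finding("o4-runservices", line)
    target = tokens[1] if tokens[0].lower() in LOADERS and len(tokens) > 1 else tokens[0]
    if not DRIVE_RE.match(target):
        return Finding("o4-bare-filename", line)
    return None


def check_rsit_run(line: str):
    """RSIT prints [] when it could not read the target's date/size (file missing or unreadable)."""
    m = RSIT_RUN_RE.match(line)
    if m and not m["info"].strip():
        return Finding("run-target-no-file-info", line)
    return None


def check_mountpoint(line: str):
    """MountPoints2 autorun/open commands record what a removable drive's autorun.inf
    asked the shell to run; rank the line by the strongest signal in the command."""
    m = MOUNT_RE.match(line)
    if not m:
        return None
    cmd = m["cmd"]
    low = cmd.lower()
    if "recycler" in low:
        return Finding("autorun-recycler-payload", line)
    if "wscript" in low or "cscript" in low:
        return Finding("autorun-script-host", line)
    if re.search(r"(^|\s)(\\|\.\\)\S*", cmd):  # e.g. \info.exe at the volume root
        return Finding("autorun-relative-path", line)
    return Finding("autorun-command", line)


def check_file(line: str):
    """A Read-only+System+Hidden .exe created in system32 deserves a second look."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m["attrs"], m["path"].lower()
    if {"R", "S", "H"} <= set(attrs) and "\\system32\\" in path and path.endswith(".exe"):
        return Finding("hidden-system-exe-in-system32", line)
    return None


CHECKS = (check_o4, check_rsit_run, check_mountpoint, check_file)


def triage(log_text: str) -> list:
    """Run every check over every non-empty line; a line may yield several findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(f for f in (check(line) for check in CHECKS) if f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.evidence}")
```

Each finding is a pointer to a line that needs a human decision, not a detection: the analyst still has to check the file on disk, its signer and its creation time against the patch history. The autorun rules are ranked on purpose: a payload under RECYCLER or a script host is a stronger sign than a relative path, which merely says the command was written for whatever volume the autorun.inf sat on.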
    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00B9DB80

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00B9CAB0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00BA0EF0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00BA0E90

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00BA10E0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00BA1180

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00BA0FB0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00BA08E0

    IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00BA05D0

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.14 ----

  • Topic author
  • And the RSIT log

    Logfile of random's system information tool 1.04 (written by random/random)

    Run by Administrador at 2008-11-20 10:21:53

    Microsoft Windows XP Professional Service Pack 2

    System drive C: has 231 GB (97%) free of 238 GB

    Total RAM: 2047 MB (82% free)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:22:05, on 20/11/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\xfire32.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\xfire32.exe

    C:\WINDOWS\system32\dwwin.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\EloSrvce.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\EloDkMon.exe

    C:\WINDOWS\system32\EloTTray.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Administrador\Desktop\RSIT.exe

    C:\Arquivos de programas\trend micro\Administrador.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Proyecto1] C:\WINDOWS\smms.exe

    O4 - HKLM\..\Run: [Xfire32] xfire32.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\RunServices: [Xfire32] xfire32.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O17 - HKLM\System\CCS\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

    O17 - HKLM\System\CS1\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

    O17 - HKLM\System\CS2\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: EloSystemService - Elo Touchsystems - C:\WINDOWS\system32\EloSrvce.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --

    End of file - 5817 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

    Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

    Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

    "Proyecto1"=C:\WINDOWS\smms.exe []

    "Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]

    "avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

    C:\ARQUIV~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

    "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

    "C:\WINDOWS\system32\xfire32.exe"="C:\WINDOWS\system32\xfire32.exe:*:Disabled:xfire32"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f32ede1-9537-11dd-8b1f-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38135741-946a-11dd-8b1d-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b256426-9b80-11dd-8b2b-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e55e629-7ffb-11dd-8af5-001d7d8b7aad}]

    shell\AutoRun\command - wscript.exe .\.vbs

    shell\open\command - wscript.exe .\.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74834629-b4a7-11dd-8b4e-001d7d8b7aad}]

    shell\AutoRun\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

    shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e78-80d8-11dd-8afe-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e79-80d8-11dd-8afe-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b08df9-8968-11dd-8b07-001d7d8b7aad}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    ======List of files/folders created in the last 1 months======

    2008-11-20 10:21:53 ----D---- C:\rsit

    2008-11-20 10:21:53 ----D---- C:\Arquivos de programas\trend micro

    2008-11-20 10:17:20 ----A---- C:\WINDOWS\gmer.ini

    2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer_uninstall.cmd

    2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.exe

    2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.dll

    2008-11-19 11:40:37 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Help

    2008-11-19 11:35:19 ----D---- C:\Arquivos de programas\Random Number Generator Pro

    2008-11-19 10:04:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

    2008-11-19 09:18:09 ----D---- C:\Arquivos de programas\Lavasoft

    2008-11-19 09:18:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

    2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2008-11-19 09:10:58 ----D---- C:\WINDOWS\pss

    2008-11-13 13:25:25 ----A---- C:\WINDOWS\ntbtlog.txt

    2008-11-13 13:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

    2008-11-13 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

    2008-11-13 12:20:37 ----D---- C:\My Downloads

    2008-11-13 12:20:36 ----RSH---- C:\WINDOWS\system32\xfire32.exe

    2008-11-13 12:20:36 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-10-29 18:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

    ======List of files/folders modified in the last 1 months======

    2008-11-20 10:22:04 ----D---- C:\Temp

    2008-11-20 10:21:53 ----D---- C:\Arquivos de programas

    2008-11-20 10:17:20 ----D---- C:\WINDOWS

    2008-11-20 10:17:19 ----D---- C:\WINDOWS\system32\drivers

    2008-11-20 10:16:44 ----D---- C:\WINDOWS\Prefetch

    2008-11-20 10:02:50 ----D---- C:\WINDOWS\Temp

    2008-11-19 15:23:57 ----A---- C:\WINDOWS\SchedLgU.Txt

    2008-11-19 10:04:41 ----D---- C:\WINDOWS\system32

    2008-11-19 10:01:33 ----D---- C:\WINDOWS\system32\CatRoot2

    2008-11-19 09:19:35 ----SHD---- C:\WINDOWS\Installer

    2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns

    2008-11-19 09:17:20 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2008-11-19 09:14:11 ----D---- C:\WINDOWS\system32\CatRoot

    2008-11-19 09:12:15 ----HD---- C:\WINDOWS\inf

    2008-11-19 09:12:15 ----D---- C:\WINDOWS\Help

    2008-11-19 09:11:49 ----SH---- C:\boot.ini

    2008-11-19 09:11:49 ----A---- C:\WINDOWS\win.ini

    2008-11-19 09:11:49 ----A---- C:\WINDOWS\system.ini

    2008-11-13 13:23:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2008-11-13 13:21:58 ----D---- C:\WINDOWS\$hf_mig$

    2008-11-13 13:21:56 ----A---- C:\WINDOWS\imsins.BAK

    2008-11-13 12:20:37 ----D---- C:\Program Files

    2008-11-03 21:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

    2008-10-21 09:02:44 ----D---- C:\Arquivos de programas\ESET

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

    R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2008-09-12 3026]

    R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]

    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

    R3 EloBus;Elobus Filter Driver; C:\WINDOWS\system32\DRIVERS\EloBus.sys [2007-05-04 14336]

    R3 EloSer;Elo Serial Driver; C:\WINDOWS\system32\DRIVERS\EloSer.sys [2007-05-03 108672]

    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]

    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]

    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-20 85969]

    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-11-19 611664]

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

    R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

    R2 EloSystemService;EloSystemService; C:\WINDOWS\system32\EloSrvce.exe [2007-05-03 45056]

    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]

    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

    R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

    S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Goog


    Please post a new log from RSIT only.
