diegomano

HijackThis log - MSN ad


Hello,

I think my PC is infected or something like that. Every time I open MSN, a window opens in Firefox with advertisements for websites. I would like to know how to fix this problem.

In any case, the HijackThis log follows below:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:22:28, on 2/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Documents and Settings\Admin\so7.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Admin\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\so7.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\PROGRA~1\FLASHG~1\jccatch.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [win16dll] C:\DOCUME~1\Admin\CONFIG~1\Temp\7zS39.tmp\ppcs.exe

O4 - HKLM\..\Run: [Remobo] C:\Arquivos de programas\Remobo\Remobo.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\Documents and Settings\Admin\so7.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - G:\PROGRA~1\FLASHG~1\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - G:\PROGRA~1\FLASHG~1\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://reno--xx.spaces.live.com/PhotoUpload/MsnPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/CONFIG~1/Temp/msohtmlclip1/01/clip_image002.gif

--

End of file - 9168 bytes

Thanks for your attention.

Diego


Hello,

I think my PC is infected or something like that. Every time I open MSN, a window opens in Firefox and in Internet Explorer with advertisements for websites. I would like to know how to fix this problem.

Below are the two logs, as requested in the previous topic:

1) gmer.txt:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-08 02:31:28

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spzq.sys ZwCreateKey [0xF75890E0] <-- ROOTKIT !!!

SSDT spzq.sys ZwEnumerateKey [0xF75A7CA2] <-- ROOTKIT !!!

SSDT spzq.sys ZwEnumerateValueKey [0xF75A8030] <-- ROOTKIT !!!

SSDT spzq.sys ZwOpenKey [0xF75890C0] <-- ROOTKIT !!!

SSDT spzq.sys ZwQueryKey [0xF75A8108] <-- ROOTKIT !!!

SSDT spzq.sys ZwQueryValueKey [0xF75A7F88] <-- ROOTKIT !!!

SSDT spzq.sys ZwSetValueKey [0xF75A819A] <-- ROOTKIT !!!

INT 0x62 ? 82B76BF8

INT 0x82 ? 82B76BF8

INT 0xA4 ? 82970BF8

---- Kernel code sections - GMER 1.0.14 ----

? spzq.sys O sistema não pode encontrar o arquivo especificado. !

.text USBPORT.SYS!DllUnload F6ADE8AC 5 Bytes JMP 829701D8

.text aht7e68c.SYS F6A53386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text aht7e68c.SYS F6A533AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text aht7e68c.SYS F6A533C4 3 Bytes [ 00, 70, 02 ]

.text aht7e68c.SYS F6A533C9 1 Byte [ 2E ]

.text aht7e68c.SYS F6A533CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\winlogon.exe[588] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 1006B280 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\WINDOWS\system32\winlogon.exe[588] kernel32.dll!FreeLibraryAndExitThread 7C80C200 5 Bytes JMP 1006AFB0 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82B795E0

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75BAC4C] spzq.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75BACA0] spzq.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F758A040] spzq.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F758A13C] spzq.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F758A0BE] spzq.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F758A7FC] spzq.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F758A6D2] spzq.sys

IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F759A048] spzq.sys

IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 829702D8

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!swprintf] C1815753

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeSetEvent] 00002590

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeCancelTimer] 43881855

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!sprintf] 7E8D503F

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ZwClose] E0835200

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoStartTimer] 06468A00

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ZwCreateKey] 52500000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeSetTimer] E85350F8

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!_allmul] FFFFF848

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!_except_handler3] BE7875C0

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!PoSetPowerState] 00000008

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!_aulldiv] 838D0000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!strstr] 00001A8C

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!_strupr] E850006A

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!KeTickCount] 808B8D00

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!memmove] 83FFFF68

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!KeGetCurrentIrql] 57B80974

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!KfRaiseIrql] 8B000000

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!KfLowerIrql] 56C35DE5

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!HalGetInterruptVector] 8D08758B

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520

IAT \SystemRoot\System32\Drivers\aht7e68c.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 82B751F8

Device \FileSystem\Fastfat \FatCdrom 8278B500

Device \Driver\usbuhci \Device\USBPDO-0 8296F1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 82BE31F8

Device \Driver\dmio \Device\DmControl\DmConfig 82BE31F8

Device \Driver\dmio \Device\DmControl\DmPnP 82BE31F8

Device \Driver\dmio \Device\DmControl\DmInfo 82BE31F8

Device \Driver\usbuhci \Device\USBPDO-1 8296F1F8

Device \Driver\PCI_PNP0654 \Device\00000046 spzq.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{27282461-7E4F-4747-9F4D-BD7B93482B0E} 827D2368

Device \Driver\Ftdisk \Device\HarddiskVolume1 82B771F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 82B771F8

Device \Driver\Cdrom \Device\CdRom0 829791F8

Device \Driver\Cdrom \Device\CdRom1 829791F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 827D2368

Device \Driver\NetBT \Device\NetbiosSmb 827D2368

Device \Driver\sptd \Device\851890654 spzq.sys

Device \Driver\usbuhci \Device\USBFDO-0 8296F1F8

Device \Driver\usbuhci \Device\USBFDO-1 8296F1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8294E1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8294E1F8

Device \Driver\Ftdisk \Device\FtControl 82B771F8

Device \Driver\aht7e68c \Device\Scsi\aht7e68c1Port2Path0Target0Lun0 8276C500

Device \Driver\aht7e68c \Device\Scsi\aht7e68c1 8276C500

Device \FileSystem\Fastfat \Fat 8278B500

Device \FileSystem\Cdfs \Cdfs 82783408

---- Services - GMER 1.0.14 ----

Service C:\ARQUIV~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x51 0xFC 0xF3 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x89 0xA2 0x60 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x7E 0xC1 0x4F ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x51 0xFC 0xF3 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x89 0xA2 0x60 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0x7E 0xC1 0x4F ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B03D255-3D5A-6686-BF78-B6AF07D02BBE}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B03D255-3D5A-6686-BF78-B6AF07D02BBE}@naaljnghgpgkadpnconkempnlmac 0x6B 0x61 0x65 0x64 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B03D255-3D5A-6686-BF78-B6AF07D02BBE}@magkdnpiljlgcgneplmoggdenp 0x6B 0x61 0x65 0x64 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9448D0F2-FC19-0DB0-84D4-4679FD55063F}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9448D0F2-FC19-0DB0-84D4-4679FD55063F}@haldebohdcbjpklb 0x66 0x61 0x70 0x70 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9448D0F2-FC19-0DB0-84D4-4679FD55063F}@iakgnhfjdpkiegdkjh 0x69 0x61 0x6D 0x70 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9448D0F2-FC19-0DB0-84D4-4679FD55063F}@haegdjdchjblpjie 0x69 0x61 0x6D 0x70 ...

---- EOF - GMER 1.0.14 ----


2) log.txt:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Admin at 2008-11-08 02:32:07

Microsoft Windows XP Professional Service Pack 3

System drive C: has 5 GB (13%) free of 38 GB

Total RAM: 383 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:32:36, on 8/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Documents and Settings\Admin\so7.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Admin\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\so7.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Admin\Desktop\gmer\gmer.exe

C:\Documents and Settings\Admin\Desktop\RSIT.exe

C:\Arquivos de programas\Trend Micro\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\PROGRA~1\FLASHG~1\jccatch.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [win16dll] C:\DOCUME~1\Admin\CONFIG~1\Temp\7zS39.tmp\ppcs.exe

O4 - HKLM\..\Run: [Remobo] C:\Arquivos de programas\Remobo\Remobo.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\Documents and Settings\Admin\so7.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - G:\PROGRA~1\FLASHG~1\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - G:\PROGRA~1\FLASHG~1\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://reno--xx.spaces.live.com/PhotoUpload/MsnPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/CONFIG~1/Temp/msohtmlclip1/01/clip_image002.gif

--

End of file - 9147 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{B60C2DFE-5A7D-471D-86D9-90B2C294F6A6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

FGCatchUrl - G:\PROGRA~1\FLASHG~1\jccatch.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-29 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

BitComet Helper - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-10-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar2.dll [2008-10-01 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-10-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\arquivos de programas\google\googletoolbar2.dll [2008-10-01 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

"win16dll"=C:\DOCUME~1\Admin\CONFIG~1\Temp\7zS39.tmp\ppcs.exe []

"Remobo"=C:\Arquivos de programas\Remobo\Remobo.exe []

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-07-01 77824]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-06-29 185896]

"Advanced DHTML Enable"=C:\Documents and Settings\Admin\so7.exe [2008-11-01 24064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Google Update"=C:\Documents and Settings\Admin\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2008-09-25 133104]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-11 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADPHONE]

C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelCorelDRAW 10 Reminder]

F:\Programas\Corel Draw 10\Register\NAVBrowser.exe /r /i F:\Programas\Corel Draw 10\Register\NavLoad.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Lite Nitro]

C:\DOCUME~1\Admin\CONFIG~1\Temp\RarSFX12\K-LiteNitro.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

C:\Arquivos de programas\Logitech\Video\ISStart.exe [2003-08-29 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

C:\Arquivos de programas\Logitech\Video\LogiTray.exe [2003-08-29 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2008-08-16 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2008-04-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

C:\Arquivos de programas\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\qttask.exe [2008-07-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Arquivos de programas\Steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-06-29 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\DOCUME~1\Admin\CONFIG~1\Temp\7zS2CA.tmp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WS]

C:\Solus Winspião 3.0\svchost\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Iniciar^Programas^Inicializar^Microsoft Office Groove.lnk]

C:\ARQUIV~1\MICROS~2\Office12\GROOVE.EXE [2007-08-29 340856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

C:\ARQUIV~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Iniciar^Programas^Inicializar^Ultimate Runner.lnk]

C:\Documents and Settings\Admin\Configurações locais\Temp\RarSFX2\Ultimate Runner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

C:\ARQUIV~1\ARQUIV~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Logitech Desktop Messenger.lnk]

C:\ARQUIV~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2008-06-30 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Anyplace Control Security"=2

"aawservice"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"=I:\PROGRA~1\Discos\GRAVAO~1\DVDREG~1.9PO\DVDShell.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Arquivos de programas\IncrediMail\bin\IncMail.exe"="C:\Arquivos de programas\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Arquivos de programas\IncrediMail\bin\ImApp.exe"="C:\Arquivos de programas\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Arquivos de programas\IncrediMail\bin\ImpCnt.exe"="C:\Arquivos de programas\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Documents and Settings\Admin\Configurações locais\Temp\Rar$EX03.562\portable_skype_3.5.0.239\Portable_Skype_3.5.0.239\skype\Skype.exe"="C:\Documents and Settings\Admin\Configurações locais\Temp\Rar$EX03.562\portable_skype_3.5.0.239\Portable_Skype_3.5.0.239\skype\Skype.exe:*:Enabled:skype"

"C:\Documents and Settings\Admin\Configurações locais\Temp\Rar$EX03.110\portable_skype_3.5.0.239\Portable_Skype_3.5.0.239\skype\Skype.exe"="C:\Documents and Settings\Admin\Configurações locais\Temp\Rar$EX03.110\portable_skype_3.5.0.239\Portable_Skype_3.5.0.239\skype\Skype.exe:*:Enabled:skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077bf6f1-a356-11dd-8b90-00e07df67d53}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5737e72b-46d0-11dd-89e4-00e07df67d53}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7187a4c7-a7c5-11dd-8ba3-00e07df67d53}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f62b2d-45c4-11dd-8549-00e07df67d53}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa03f20-551f-11dd-8a42-00e07df67d53}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1033fa9-7df9-11dd-8b01-00e07df67d53}]

shell\AutoRun\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2a50d37-4e8e-11dd-8a19-00e07df67d53}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

======File associations======

.js - open - "F:\Programas\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-11-08 02:32:07 ----D---- C:\rsit

2008-11-08 01:44:29 ----D---- C:\WINDOWS\Minidump

2008-11-08 01:40:01 ----A---- C:\WINDOWS\gmer.ini

2008-11-08 01:39:58 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-08 01:39:58 ----A---- C:\WINDOWS\gmer.dll

2008-11-08 01:39:57 ----A---- C:\WINDOWS\gmer.exe

2008-11-07 23:43:00 ----A---- C:\WINDOWS\War3Unin.exe

2008-11-07 05:27:20 ----D---- C:\Arquivos de programas\BitRule

2008-11-07 03:50:34 ----D---- C:\Arquivos de programas\eMule

2008-11-07 03:30:46 ----D---- C:\dvdXsoftoutput

2008-11-05 21:09:52 ----D---- C:\Arquivos de programas\DVD Audio Extractor

2008-11-05 21:03:12 ----D---- C:\Arquivos de programas\vob2audio

2008-11-05 20:47:19 ----D---- C:\DVDVideoSoft

2008-11-04 21:18:41 ----A---- C:\WINDOWS\system32\libusb0.dll

2008-11-03 16:35:31 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\skypePM

2008-11-03 16:31:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-11-02 12:34:46 ----D---- C:\Arquivos de programas\Trend Micro

2008-11-02 11:28:29 ----D---- C:\Arquivos de programas\Warcraft III

2008-10-28 23:04:50 ----D---- C:\Arquivos de programas\Troca-IP

2008-10-26 19:26:33 ----D---- C:\Arquivos de programas\PSP Extreme Link

2008-10-26 11:56:19 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\PEERNET

2008-10-25 20:10:10 ----D---- C:\Arquivos de programas\DAEMON Tools Lite

2008-10-24 21:32:09 ----D---- C:\Arquivos de programas\SeasideSoft

2008-10-24 21:27:56 ----D---- C:\Arquivos de programas\EvJOSoft

2008-10-24 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-19 23:40:21 ----D---- C:\Level Up! Games

2008-10-19 22:46:16 ----A---- C:\WINDOWS\GunzLauncher.INI

2008-10-19 22:38:38 ----D---- C:\Arquivos de programas\LevelUpGames

2008-10-19 01:19:58 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\Mozilla

2008-10-19 01:18:34 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-10-15 06:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-15 06:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-15 06:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-15 06:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-15 06:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-13 21:01:38 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\Sun

======List of files/folders modified in the last 1 months======

2008-11-08 02:32:05 ----D---- C:\WINDOWS\Prefetch

2008-11-08 01:44:29 ----AD---- C:\WINDOWS

2008-11-08 01:39:58 ----D---- C:\WINDOWS\system32\drivers

2008-11-07 22:55:40 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-07 21:34:48 ----D---- C:\WINDOWS\system32

2008-11-07 10:36:28 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-07 06:18:25 ----D---- C:\WINDOWS\Temp

2008-11-07 06:09:03 ----D---- C:\Temp

2008-11-07 06:05:56 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-07 05:27:20 ----RD---- C:\Arquivos de programas

2008-11-05 23:05:34 ----A---- C:\WINDOWS\DVDRegionFree.INI

2008-11-05 21:22:17 ----SHD---- C:\WINDOWS\Installer

2008-11-05 20:49:29 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-05 16:54:05 ----HD---- C:\WINDOWS\inf

2008-11-03 18:06:26 ----D---- C:\Arquivos de programas\pspvc

2008-11-03 18:06:26 ----A---- C:\WINDOWS\pspvc_path.ini

2008-11-03 18:06:14 ----D---- C:\Arquivos de programas\AviSynth 2.5

2008-11-03 15:36:52 ----HD---- C:\Downloads

2008-11-02 18:50:23 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\RipIt4Me

2008-11-01 12:13:11 ----D---- C:\Program Files

2008-10-31 21:24:55 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-10-28 23:04:24 ----N---- C:\WINDOWS\Setup1.exe

2008-10-28 23:04:19 ----A---- C:\WINDOWS\ST6UNST.EXE

2008-10-25 16:55:39 ----SD---- C:\Documents and Settings\Admin\Dados de aplicativos\Microsoft

2008-10-24 03:02:39 ----HD---- C:\WINDOWS\$hf_mig$

2008-10-17 02:53:34 ----SD---- C:\WINDOWS\Tasks

2008-10-15 14:36:42 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-15 06:53:13 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-15 06:51:41 ----A---- C:\WINDOWS\imsins.BAK

2008-10-15 06:51:05 ----D---- C:\Arquivos de programas\Internet Explorer

2008-10-12 01:40:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-11 21:20:31 ----D---- C:\MyWorks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SBKUPNT;SBKUPNT; \??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS []

R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]

R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-08 85969]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 aht7e68c;aht7e68c; C:\WINDOWS\system32\drivers\aht7e68c.sys []

S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem; C:\WINDOWS\system32\DRIVERS\BEFCMU10V4XP.sys [2004-07-05 14336]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-29 25280]

S3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 hipeer81;Remobo Virtual Interface; C:\WINDOWS\system32\DRIVERS\hipeer81.sys [2006-12-06 54528]

S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-03-20 28672]

S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-28 12288]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-09 47360]

S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]

S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]

S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]

S3 radmrdd;radmrdd; C:\WINDOWS\system32\DRIVERS\radmrdd.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 XDva200;XDva200; \??\C:\WINDOWS\system32\XDva200.sys []

S3 XDva212;XDva212; \??\C:\WINDOWS\system32\XDva212.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-10-01 147456]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-01 138168]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe [2008-06-30 68096]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 MSCSPTISRV;MSCSPTISRV; C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PACSPTISVR;PACSPTISVR; C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Arquivos de programas\WinPcap\rpcapd.exe [2005-08-02 86016]

S3 SPTISRV;Sony SPTI Service; C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]

S3 SSScsiSV;SonicStage SCSI Service; C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 aawservice;Ad-Aware 2007 Service; C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe []

S4 Anyplace Control Security;Anyplace Control Security; C:\WINDOWS\svcadmin.exe [2008-06-15 104960]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Thank you for your attention!

Awaiting your reply.

Diego
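One way to triage a listing in the format pasted above, as an added example that is not part of this thread: the parser below reads the `R3 name;description; path [date size]` entry lines and flags entries with no file info recorded, a `\??\` object-path prefix, a binary sitting directly under C:\WINDOWS, or a description that merely repeats the name. The sample log is constructed from a few entries copied from the listing above, and the hints are review prompts for the analyst, not a malware verdict.

```python
import re

# Constructed sample in the layout of the driver/service listing quoted above:
# a few entries copied from the thread plus the services header. Not a full log.
SAMPLE_LOG = r"""
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
S3 aht7e68c;aht7e68c; C:\WINDOWS\system32\drivers\aht7e68c.sys []
S3 XDva200;XDva200; \??\C:\WINDOWS\system32\XDva200.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-10-01 147456]
S4 Anyplace Control Security;Anyplace Control Security; C:\WINDOWS\svcadmin.exe [2008-06-15 104960]
"""

# <R|S><start type> <name>;<description>; <path> [<date> <size>]  (brackets may be empty)
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")

def parse_entries(log_text):
    """Yield one dict per entry line; section headers and blank lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            state, start, name, desc, path, info = m.groups()
            yield {"state": state, "start": int(start), "name": name,
                   "desc": desc, "path": path, "info": info}

def review_hints(entry):
    """Triage hints for one entry (not a verdict: legitimate entries trigger them too)."""
    hints, path = [], entry["path"]
    if path.startswith("\\??\\"):
        hints.append("registered with an NT object path (\\??\\ prefix)")
        path = path[4:]
    if not entry["info"]:
        hints.append("no timestamp/size recorded, file may be missing")
    if path.rsplit("\\", 1)[0].lower() == r"c:\windows":
        hints.append("binary sits directly in the Windows directory")
    if entry["desc"] == entry["name"]:
        hints.append("description only repeats the entry name")
    return hints

def triage(log_text):
    """Map entry name -> hints, keeping only entries that have at least one."""
    flagged = {}
    for entry in parse_entries(log_text):
        hints = review_hints(entry)
        if hints:
            flagged[entry["name"]] = hints
    return flagged
```

Run `triage()` over the full listing to get the short list of entries worth checking by hand before deciding anything about them.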


Dear diegomano

Your PC is infected with a Backdoor.

Important: Backdoor/IRCBot Trojans are extremely dangerous, since they provide a means of access to the computer's operating system. Remote attackers use this type of malware to gain unauthorized access to your PC and can take total control of it without your knowledge.

If you do, or have done, any kind of financial transaction (online banking, purchases, etc.) on this PC, or if it contains any sensitive information, I recommend that you:

  1. Avoid using the internet on this PC as much as possible until it is clean.
  2. Use a clean, secure PC and change all of your passwords or passphrases (online passwords).
  3. Contact your financial institutions and inform them of this situation.

Many security experts believe that once a PC has been infected with this type of malware, the best thing to do is to format it and reinstall the operating system.

I leave it to you whether or not to format the PC. The infections are identified and we can remove them; what I cannot guarantee with 100% certainty is that your PC will end up secure.

If you opt for removal, follow the steps below. If you opt to format, please let me know in your next reply.

Print or save these instructions, as you will be following them without internet access.

# Step 1 #

Download SDFix

  • Save it to your desktop.
  • Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix
  • (Normally the drive that contains Windows, usually C:\SDFix).
  • Do not run it yet.

# Step 2 #

Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup).

# Step 3 #

Run SDFix.
  • Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
  • Press Y so that the tool starts the removal process
  • When everything finishes, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically
  • After restarting, the tool will run once more and finish its work, and the word Finished will appear. Press any key.
  • A window with the SDFix report will appear.
  • Copy and paste this report in your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt

-- If a window opens and closes suddenly, please go to Start -> Run -> and copy and paste the following text: %systemdrive%\SDFix\apps\FixPath.exe /Q

Restart the PC and run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer -> Properties -> Advanced -> Environment Variables and check that the ComSpec variable holds the value for cmd.exe: %SystemRoot%\system32\cmd.exe

# Step 4 #

Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after carrying out the procedure(s) mentioned below.
  3. Double-click the icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to stall.
  8. A message may appear saying the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are many malwares that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Hi diego_moicano,

Thanks a lot for the help! I'm traveling and will only be able to get at my PC in a few days. I'm thinking of not formatting after all. I'll post the results you asked for later.

Thanks again, man!

Later!


According to this forum's rules, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they may contact the moderation team to request that this topic be reopened.
