onar.guimaraes

PC far too slow and desktop freezing.


The PC is very slow, and the desktop and the network freeze.

Avast flagged some .vbs files, but I decided not to delete them because they are in system32.

Here is the GMER log:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-07 11:27:52

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3631618]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF36314D4]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF36319B2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF36310AC]

SSDT spys.sys ZwEnumerateKey [0xF72A5CA2]

SSDT spys.sys ZwEnumerateValueKey [0xF72A6030]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF36315AE]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3630FEC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3631050]

SSDT spys.sys ZwQueryKey [0xF72A6108]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF36316CE]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF363168E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF363180E]

INT 0x62 ? 8653FBF8

INT 0x73 ? 864EFBF8

INT 0x83 ? 865ABBF8

INT 0xB4 ? 864EFBF8

---- Kernel code sections - GMER 1.0.14 ----

? spys.sys O sistema não pode encontrar o arquivo especificado. !

.text USBPORT.SYS!DllUnload F693F62C 5 Bytes JMP 864EF1D8

.text a0touadf.SYS F63AA386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text a0touadf.SYS F63AA3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text a0touadf.SYS F63AA3C4 3 Bytes [ 00, 70, 02 ]

.text a0touadf.SYS F63AA3C9 1 Byte [ 2E ]

.text a0touadf.SYS F63AA3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[3188] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 0056DBBD C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7288040] spys.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728813C] spys.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72880BE] spys.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72887FC] spys.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72886D2] spys.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7298048] spys.sys

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!KeGetCurrentIrql] CB033043

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!KfRaiseIrql] 0673C13B

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!KfLowerIrql] C13B0003

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!HalGetInterruptVector] 8366FA72

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!READ_PORT_USHORT] 83660000

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200

IAT \SystemRoot\System32\Drivers\a0touadf.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[760] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

IAT C:\WINDOWS\system32\services.exe[760] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 865AA1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP1456 \Device\00000040 spys.sys

Device \Driver\usbohci \Device\USBPDO-0 864EE1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 865AC1F8

Device \Driver\dmio \Device\DmControl\DmConfig 865AC1F8

Device \Driver\dmio \Device\DmControl\DmPnP 865AC1F8

Device \Driver\dmio \Device\DmControl\DmInfo 865AC1F8

Device \Driver\usbehci \Device\USBPDO-1 864F41F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 865401F8

Device \Driver\Cdrom \Device\CdRom0 863AD1F8

Device \Driver\Cdrom \Device\CdRom1 863AD1F8

Device \Driver\atapi \Device\Ide\IdePort0 8653F1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8653F1F8

Device \Driver\atapi \Device\Ide\IdePort1 8653F1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8653F1F8

Device \Driver\sptd \Device\3659128956 spys.sys

Device \Driver\NetBT \Device\NetBt_Wins_Export 8602C500

Device \Driver\NetBT \Device\NetbiosSmb 8602C500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 864EE1F8

Device \Driver\usbehci \Device\USBFDO-1 864F41F8

Device \Driver\nvata \Device\NvAta0 865AB1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8621A500

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8621A500

Device \Driver\Ftdisk \Device\FtControl 865401F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{AA81C938-3AE8-4E55-949C-0EA75F9AC057} 8602C500

Device \Driver\a0touadf \Device\Scsi\a0touadf1 863641F8

Device \Driver\a0touadf \Device\Scsi\a0touadf1Port3Path0Target0Lun0 863641F8

Device \FileSystem\Cdfs \Cdfs 8625B500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x27 0xAF 0xB2 0xD4 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7B 0xB8 0x31 0xA1 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9C 0xE7 0x94 0xAF ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x27 0xAF 0xB2 0xD4 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7B 0xB8 0x31 0xA1 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9C 0xE7 0x94 0xAF ...

---- EOF - GMER 1.0.14 ----

The RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Admin at 2008-11-07 11:31:57

Microsoft Windows XP Professional Service Pack 2

System drive C: has 64 GB (42%) free of 153 GB

Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:32:39, on 7/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Opticyber Admin\Admin.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Admin\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219268337109

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA81C938-3AE8-4E55-949C-0EA75F9AC057}: NameServer = 192.168.254.254

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7336 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll [2008-09-17 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

AskBar BHO - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

"SDFix"=C:\SDFix\RunThis.bat [2008-11-06 964661]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-10-29 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2007-10-29 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]

C:\WINDOWS\EXPLORER.EXE [2007-10-29 1034240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsctf.exe]

wsctf.exe []

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Documents and Settings\Admin\Menu Iniciar\Programas\Inicializar

BrOffice.org 2.4.lnk - C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Opticyber Admin\Admin.exe"="C:\Arquivos de programas\Opticyber Admin\Admin.exe:*:Enabled:Admin"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe"="C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Sports Interactive\Football Manager 2008\fm.exe"="C:\Arquivos de programas\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16aabb88-9ebb-11dd-8027-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2174ebdd-743a-11dd-a990-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f135e6d-a41f-11dd-8034-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7841f8a4-8d93-11dd-8007-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84a575c5-7d0b-11dd-a99b-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91d68de6-a9bb-11dd-803d-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91d68de7-a9bb-11dd-803d-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{936329d2-738f-11dd-a98e-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b80120a1-949b-11dd-8015-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc07d8d-7052-11dd-a989-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc07d94-7052-11dd-a989-001bb99222e9}]

shell\Auto\command - F:\program.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e279624b-6f90-11dd-a988-001bb99222e9}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

======List of files/folders created in the last 1 months======

2008-11-07 11:31:57 ----D---- C:\rsit

2008-11-07 11:31:57 ----D---- C:\Arquivos de programas\trend micro

2008-11-07 11:11:14 ----A---- C:\WINDOWS\gmer.ini

2008-11-07 11:11:12 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-07 11:11:12 ----A---- C:\WINDOWS\gmer.exe

2008-11-07 11:11:12 ----A---- C:\WINDOWS\gmer.dll

2008-11-07 09:23:48 ----D---- C:\WINDOWS\ERUNT

2008-11-07 09:22:59 ----D---- C:\WINDOWS\CSC

2008-11-07 09:22:52 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-07 09:20:40 ----D---- C:\SDFix

2008-11-07 09:00:33 ----D---- C:\WINDOWS\pss

2008-11-04 17:15:25 ----D---- C:\Arquivos de programas\MP4Tool

2008-11-04 12:52:38 ----D---- C:\DVDVideoSoft

2008-11-04 12:52:11 ----D---- C:\Arquivos de programas\AskBarDis

2008-11-04 12:52:02 ----D---- C:\Arquivos de programas\DVDVideoSoft

2008-11-04 12:52:02 ----D---- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-10-23 17:15:48 ----A---- C:\WINDOWS\system32\Sp5x_32.dll

2008-10-23 17:15:48 ----A---- C:\WINDOWS\ShowBmp.exe

2008-10-23 17:15:48 ----A---- C:\WINDOWS\Remove.ini

2008-10-23 17:15:48 ----A---- C:\WINDOWS\amcap533.exe

2008-10-23 17:15:47 ----D---- C:\WINDOWS\Setup533

2008-10-23 16:01:30 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\Malwarebytes

2008-10-23 16:01:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-10-23 16:01:26 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-10-17 20:51:10 ----D---- C:\Arquivos de programas\DIFX

2008-10-17 20:50:27 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\PC Suite

2008-10-17 20:50:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-10-17 20:50:15 ----A---- C:\WINDOWS\system32\nmwcdcls.dll

2008-10-17 20:50:02 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2008-10-17 10:41:29 ----D---- C:\Arquivos de programas\DAEMON Tools Lite

2008-10-15 14:19:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-10-15 14:19:08 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\NCH Swift Sound

2008-10-15 14:18:26 ----D---- C:\Arquivos de programas\NCH Software

2008-10-15 14:18:24 ----D---- C:\Arquivos de programas\NCH Swift Sound

2008-10-15 12:09:10 ----D---- C:\Arquivos de programas\FreeRIP3

2008-10-13 17:20:38 ----D---- C:\Arquivos de programas\DreaMule

2008-10-13 14:01:30 ----D---- C:\Arquivos de programas\MP3 Wav Editor

======List of files/folders modified in the last 1 months======

2008-11-07 11:32:33 ----D---- C:\Arquivos de programas\Opticyber Admin

2008-11-07 11:31:57 ----RD---- C:\Arquivos de programas

2008-11-07 11:31:39 ----D---- C:\WINDOWS\Prefetch

2008-11-07 11:28:53 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-07 11:11:14 ----D---- C:\WINDOWS

2008-11-07 11:11:12 ----D---- C:\WINDOWS\system32\drivers

2008-11-07 09:59:13 ----D---- C:\WINDOWS\Temp

2008-11-07 09:57:59 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\Orbit

2008-11-07 09:57:50 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\BrOffice.org2

2008-11-07 09:26:45 ----D---- C:\WINDOWS\system32

2008-11-07 09:23:05 ----D---- C:\Documents and Settings

2008-11-07 09:21:55 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-07 09:21:55 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-07 09:09:15 ----D---- C:\downloads

2008-11-07 09:06:05 ----D---- C:\!KillBox

2008-11-07 09:02:11 ----SH---- C:\boot.ini

2008-11-07 09:02:11 ----A---- C:\WINDOWS\win.ini

2008-11-07 09:02:11 ----A---- C:\WINDOWS\system.ini

2008-11-06 18:00:41 ----D---- C:\Documents and Settings\Admin\Dados de aplicativos\Image Zone Express

2008-11-06 16:41:40 ----D---- C:\Arquivos de programas\eMule

2008-11-06 13:36:34 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-04 12:52:02 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-10-24 12:51:09 ----HD---- C:\WINDOWS\inf

2008-10-23 17:15:47 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-10-23 17:15:44 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-10-23 16:35:20 ----HD---- C:\Config.Msi

2008-10-23 15:52:27 ----D---- C:\Arquivos de programas\Orbitdownloader

2008-10-23 15:41:42 ----SHD---- C:\WINDOWS\Installer

2008-10-23 15:39:00 ----D---- C:\WINDOWS\WinSxS

2008-10-23 15:38:32 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-10-23 15:36:32 ----D---- C:\Arquivos de programas\Microsoft ActiveSync

2008-10-23 15:36:30 ----D---- C:\WINDOWS\Help

2008-10-23 15:34:46 ----D---- C:\Arquivos de programas\LGGSM

2008-10-23 08:18:48 ----RSD---- C:\WINDOWS\Fonts

2008-10-21 13:58:56 ----D---- C:\Arquivos de programas\World of Warcraft

2008-10-19 16:02:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-16 14:14:26 ----SHD---- C:\System Volume Information

2008-10-15 13:18:13 ----A---- C:\WINDOWS\CryCDToMP3Ripper.ini

2008-10-15 13:09:51 ----D---- C:\My Music

2008-10-13 18:21:02 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-10-13 10:57:06 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-10-29 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-10-29 26624]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-10-29 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2007-10-29 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S3 a0touadf;a0touadf; C:\WINDOWS\system32\drivers\a0touadf.sys []

S3 btaudio;Dispositivo de áudio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []

S3 BTDriver;Driver de comunicação virtual Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []

S3 BTKRNL;Enumerador de barramento Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []

S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-07 85969]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]

S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys [2006-07-16 30368]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


Sorry for the delay.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:06:33, on 19/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Opticyber Admin\Admin.exe

C:\Arquivos de programas\Sports Interactive1\Football Manager 2008\fm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Documents and Settings\Admin\Meus documentos\Onar\PROGRAMAS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219268337109

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA81C938-3AE8-4E55-949C-0EA75F9AC057}: NameServer = 192.168.254.254

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Hello, nothing in this log indicates malware, and I see you have already run malware removal tools.

Do you still notice anything strange on your PC?

It is still a bit slow, and it freezes sometimes. I am going to try defragmenting. Can you recommend a registry cleaner and a hard drive cleanup tool?

It is still a bit slow, and it freezes sometimes. I am going to try defragmenting. Can you recommend a registry cleaner and a hard drive cleanup tool?

Use CCleaner, which is a safe and effective tool.
