RogerPT

Virus or spyware

Good afternoon everyone, first of all I'd like to introduce myself, since this is the first time I'm visiting this forum, so here goes:

I'm Cláudio, I'm 21 years old and I'm full of viruses :P

Well, here's what's going on..

Lots of hidden folders were created on my local disk drive and in other places, as well as some system files like config.sys. On top of that I have the problem of not being able to access drive D, because it says it can't find resycled boot.com.

After running Norton 2008 and it finding nothing, I ran AVG 8 (the new one) and it found some viruses and trojan horses; here's the list:

Trojan horse Small AD

Trojan horse Startpage.DFW

Trojan horse Generic11.KSC

Trojan horse Generic11.AXMD

Trojan horse Agent.AIZT

Virus Win32 Patched.T

RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrador at 2008-11-07 18:11:02

Microsoft Windows XP Professional Service Pack 3

System drive C: has 7 GB (4%) free of 191 GB

Total RAM: 1023 MB (48% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Administrador.job

C:\WINDOWS\tasks\started.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]

SWEETIE Class - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll [2006-11-05 548992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

FGCatchUrl - C:\Programas\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll [2008-11-07 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\PROGRA~1\FICHEI~1\SYMANT~1\IDS\IPSBHO.dll [2008-08-01 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

FlashGet GetFlash Class - C:\Programas\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - SweetIM For Internet Explorer - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll [2006-11-05 548992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"=C:\Programas\Winamp\winampa.exe [2007-02-13 35328]

"UnlockerAssistant"=C:\Programas\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

"CreativeMS2020"=C:\Programas\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe [2006-05-09 143360]

"NeroFilterCheck"=C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SoundMAXPnP"=C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

"SoundMAX"=C:\Programas\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]

"SunJavaUpdateSched"=C:\Programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"Adobe Photo Downloader"=C:\Programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

"ISUSPM"=C:\Programas\Ficheiros comuns\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]

"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]

"Start WingMan Profiler"=C:\Programas\Logitech\Gaming Software\LWEMon.exe [2007-09-25 93208]

"SweetIM"=C:\Programas\Macrogaming\SweetIM\SweetIM.exe [2008-01-02 103712]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-14 13500416]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-02-14 86016]

"Flashget"=C:\Programas\FlashGet\FlashGet.exe [2007-09-25 2007088]

"ccApp"=C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe [2008-10-17 51048]

"osCheck"=C:\Programas\Norton AntiVirus\osCheck.exe [2008-02-06 718704]

"Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-07 1235736]

"Autorun Eater"=C:\Programas\Autorun Eater\oldmcdonald.exe [2008-03-15 438773]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

"DAEMON Tools"=C:\Programas\DAEMON Tools\daemon.exe [2007-04-03 165784]

"SweetIM"=C:\Programas\Macrogaming\SweetIM\SweetIM.exe [2008-01-02 103712]

"RocketDock"=C:\Programas\RocketDock\RocketDock.exe [2007-09-02 495616]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Arranque

Yahoo! Widgets.lnk - C:\Programas\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programas\MSN Messenger\msncall.exe"="C:\Programas\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\Programas\FoxScript\mirc32.exe"="C:\Programas\FoxScript\mirc32.exe:*:Enabled:mIRC"

"C:\Programas\EA SPORTS\FIFA 07\fifa07.exe"="C:\Programas\EA SPORTS\FIFA 07\fifa07.exe:*:Enabled:fifa07"

"C:\Programas\KONAMI\Pro Evolution Soccer 6\PES6.exe"="C:\Programas\KONAMI\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe"

"C:\Programas\uTorrent\utorrent.exe"="C:\Programas\uTorrent\utorrent.exe:*:Enabled:µTorrent"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Executar uma DLL como uma aplicação"

"C:\Programas\Steam\SteamApps\campeao69\counter-strike\hl.exe"="C:\Programas\Steam\SteamApps\campeao69\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"D:\Programas\Bowlfish\eMule.exe"="D:\Programas\Bowlfish\eMule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Administrador\Ambiente de trabalho\MiniRacingOnline\MiniRacingOnline\MiniRacingOnLine.exe"="C:\Documents and Settings\Administrador\Ambiente de trabalho\MiniRacingOnline\MiniRacingOnline\MiniRacingOnLine.exe:*:Enabled:MiniRacingOnLine"

"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\Programas\HLSW\hlsw.exe"="C:\Programas\HLSW\hlsw.exe:*:Enabled:HLSW"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Consola de gestão da Microsoft"

"C:\Programas\Cyanide\GameCenter\GameCenter.exe"="C:\Programas\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"

"C:\Documents and Settings\Administrador\Definições locais\Temp\Rar$EX07.532\MiniRacingOnline\MiniRacingOnLine.exe"="C:\Documents and Settings\Administrador\Definições locais\Temp\Rar$EX07.532\MiniRacingOnline\MiniRacingOnLine.exe:*:Enabled:MiniRacingOnLine"

"D:\MiniRacingOnline\MiniRacingOnLine.exe"="D:\MiniRacingOnline\MiniRacingOnLine.exe:*:Enabled:MiniRacingOnLine"

"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"

"C:\Nexon\KartRider\NMService.exe"="C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core"

"C:\Programas\Sports Interactive\Football Manager 2008\fm.exe"="C:\Programas\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"

"C:\Programas\LimeWire\LimeWire.exe"="C:\Programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

"C:\Programas\EA SPORTS\FIFA 08\FIFA08.exe"="C:\Programas\EA SPORTS\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"

"C:\Programas\Steam\SteamApps\decopt\counter-strike\hl.exe"="C:\Programas\Steam\SteamApps\decopt\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Programas\Hamachi\hamachi.exe"="C:\Programas\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"

"C:\Conf\fc.exe"="C:\Conf\fc.exe:*:Enabled:fc"

"C:\Documents and Settings\All Users\start menu\programs\startup\fc.exe"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fc.exe:*:Enabled:fc"

"C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\fc.exe"="C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\fc.exe:*:Enabled:fc"

"C:\Windows\Menu Iniciar\Iniciar\fc.exe"="C:\Windows\Menu Iniciar\Iniciar\fc.exe:*:Enabled:fc"

"C:\Programas\Steam\Steam.exe"="C:\Programas\Steam\Steam.exe:*:Enabled:Steam"

"C:\Programas\EA GAMES\MOHAA\MOHAA.exe"="C:\Programas\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"

"C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Programas\Ficheiros comuns\Ahead\Nero Web\SetupX.exe"="C:\Programas\Ficheiros comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Programas\Skype\Phone\Skype.exe"="C:\Programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Programas\Piolet\Piolet.exe"="C:\Programas\Piolet\Piolet.exe:*:Enabled:Piolet"

"C:\Programas\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe"="C:\Programas\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2008"

"C:\Programas\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe"="C:\Programas\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2008 - AutoRun"

"C:\Documents and Settings\Administrador\Ambiente de trabalho\racer060\racer\racer.exe"="C:\Documents and Settings\Administrador\Ambiente de trabalho\racer060\racer\racer.exe:*:Enabled:racer"

"C:\Programas\bmoworld\BomberMan.exe"="C:\Programas\bmoworld\BomberMan.exe:*:Enabled:BomberMan"

"C:\Programas\Microsoft Games\Age of Empires III\age3.exe"="C:\Programas\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"

"C:\Programas\FlashGet\flashget.exe"="C:\Programas\FlashGet\flashget.exe:*:Enabled:Flashget"

"C:\Programas\Aspyr\Top Spin 2\Data\Top Spin 2.exe"="C:\Programas\Aspyr\Top Spin 2\Data\Top Spin 2.exe:*:Enabled:Top Spin 2"

"C:\Programas\TmNationsForever\TmForever.exe"="C:\Programas\TmNationsForever\TmForever.exe:*:Enabled:TmForever"

"C:\Programas\MSN Messenger\msnmsgr.exe"="C:\Programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Programas\MSN Messenger\livecall.exe"="C:\Programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Programas\Sega\Beijing 2008\Beijing.exe"="C:\Programas\Sega\Beijing 2008\Beijing.exe:*:Enabled:Beijing 2008™"

"C:\Programas\sina\SAP\SAPlatform.exe"="C:\Programas\sina\SAP\SAPlatform.exe:*:Enabled:SAPlatform.exe"

"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"

"C:\Programas\AVG\AVG8\avgam.exe"="C:\Programas\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Programas\AVG\AVG8\avgupd.exe"="C:\Programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Programas\AVG\AVG8\avgnsx.exe"="C:\Programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programas\MSN Messenger\msncall.exe"="C:\Programas\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\Programas\MSN Messenger\msnmsgr.exe"="C:\Programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Programas\MSN Messenger\livecall.exe"="C:\Programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:

shell\Open\command - D:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cd376b2-ab72-11dd-91df-0015f2c625d9}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:

shell\Open\command - H:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78e5066d-cafc-11db-9a8f-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:

shell\Open\command - D:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c38494c0-ab8c-11dd-91e0-0015f2c625d9}]

shell\AutoRun\command - H:\AutoRun.exe

======List of files/folders created in the last 1 months======

2008-11-07 18:11:03 ----D---- C:\Programas\trend micro

2008-11-07 18:11:02 ----D---- C:\rsit

2008-11-07 18:06:27 ----A---- C:\WINDOWS\gmer.ini

2008-11-07 18:06:25 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-07 18:06:24 ----A---- C:\WINDOWS\gmer.exe

2008-11-07 18:06:24 ----A---- C:\WINDOWS\gmer.dll

2008-11-07 17:36:59 ----D---- C:\Programas\Autorun Eater

2008-11-07 15:23:11 ----HD---- C:\$AVG8.VAULT$

2008-11-07 15:20:23 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2008-11-07 15:19:48 ----D---- C:\Programas\AVG

2008-11-07 15:19:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2008-11-07 14:45:25 ----A---- C:\rapport.txt

2008-11-07 14:44:46 ----A---- C:\WINDOWS\system32\WS2Fix.exe

2008-11-07 14:44:46 ----A---- C:\WINDOWS\system32\VCCLSID.exe

2008-11-07 14:44:46 ----A---- C:\WINDOWS\system32\VACFix.exe

2008-11-07 14:44:46 ----A---- C:\WINDOWS\system32\o4Patch.exe

2008-11-07 14:44:46 ----A---- C:\WINDOWS\system32\IEDFix.exe

2008-11-07 14:44:46 ----A---- C:\WINDOWS\system32\IEDFix.C.exe

2008-11-07 14:43:45 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-05 22:56:20 ----D---- C:\Programas\MODEM MF622

2008-11-05 22:55:39 ----D---- C:\WINDOWS\system32\SupportAppPT

2008-10-31 16:57:57 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-10-24 19:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-21 12:20:24 ----A---- C:\WINDOWS\system32\javaws.exe

2008-10-21 12:20:24 ----A---- C:\WINDOWS\system32\javaw.exe

2008-10-21 12:20:24 ----A---- C:\WINDOWS\system32\java.exe

2008-10-15 23:22:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-15 23:22:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-15 23:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-15 23:21:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-15 23:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-15 23:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

2008-10-14 19:02:58 ----D---- C:\Programas\FIFApatcher

======List of files/folders modified in the last 1 months======

2008-11-07 18:11:03 ----D---- C:\WINDOWS\Temp

2008-11-07 18:11:03 ----AD---- C:\Programas

2008-11-07 18:07:50 ----D---- C:\Programas\Mozilla Firefox

2008-11-07 18:06:34 ----D---- C:\WINDOWS\Prefetch

2008-11-07 18:06:27 ----D---- C:\WINDOWS

2008-11-07 18:06:25 ----D---- C:\WINDOWS\system32\drivers

2008-11-07 17:20:57 ----SHD---- C:\System Volume Information

2008-11-07 16:43:58 ----D---- C:\Programas\FlashGet

2008-11-07 16:43:01 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-07 16:42:05 ----D---- C:\WINDOWS\system32

2008-11-07 15:19:42 ----SHD---- C:\WINDOWS\Installer

2008-11-07 15:19:07 ----SHD---- C:\Config.Msi

2008-11-07 14:55:05 ----SHD---- C:\WINDOWS\CSC

2008-11-07 14:45:37 ----A---- C:\WINDOWS\system32\tmp.txt

2008-11-06 23:09:40 ----SD---- C:\Documents and Settings\Administrador\Application Data\Microsoft

2008-11-06 22:58:57 ----D---- C:\Documents and Settings\Administrador\Application Data\uTorrent

2008-11-06 22:54:17 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-06 14:15:02 ----D---- C:\WINDOWS\system

2008-11-06 14:15:02 ----D---- C:\Programas\Ficheiros comuns\Microsoft Shared

2008-11-06 14:11:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-06 14:11:06 ----HD---- C:\WINDOWS\inf

2008-11-06 14:11:03 ----HD---- C:\Programas\Uninstall Information

2008-11-05 22:56:59 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-05 22:56:19 ----HD---- C:\Programas\InstallShield Installation Information

2008-11-05 20:20:58 ----D---- C:\Programas\FoxScript

2008-11-05 17:15:11 ----D---- C:\Programas\Ficheiros comuns\Symantec Shared

2008-11-04 12:59:39 ----D---- C:\Prison.Break.S04E01.PROPER.HDTV.XviD-2HD

2008-10-31 16:57:31 ----D---- C:\Programas\Spybot - Search & Destroy

2008-10-24 19:37:23 ----HD---- C:\WINDOWS\$hf_mig$

2008-10-21 12:36:22 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-10-21 12:20:11 ----D---- C:\Programas\Java

2008-10-18 19:38:38 ----D---- C:\Programas\eMule

2008-10-18 19:07:48 ----D---- C:\Documents and Settings\Administrador\Application Data\Hamachi

2008-10-17 17:46:58 ----D---- C:\Programas\Steam

2008-10-15 23:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-10-15 23:22:20 ----A---- C:\WINDOWS\imsins.BAK

2008-10-15 16:36:07 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-08 16:12:26 ----D---- C:\Programas\HLSW

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-07-16 3468904]

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-07 98440]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-07 26824]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-07 90632]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programas\Ficheiros comuns\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]

R1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]

R1 Tcpip6;Controlador de Protocolo IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []

R1 WS2IFSL;Ambiente de compatibilidade com fornecedores de serviços não IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-21 12032]

R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]

R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]

R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]

R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408]

R3 ctms2020;Creative HID USB Filter Driver1; C:\WINDOWS\system32\DRIVERS\ctms2020.Sys [2006-05-09 8914]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programas\Ficheiros comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-14 6660960]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-03-11 47360]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-01 260288]

R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]

R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]

R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\SymcData\ipsdefs\20081106.001\SymIDSCo.sys []

R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]

R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]

R3 tunmp;Controlador de adaptador miniporta Tun da Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2007-09-13 19352]

R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2007-09-13 29976]

R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2007-09-13 14744]

R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2007-09-13 51608]

R4 sr;Controlador do filtro de restauro do sistema; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

S2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []

S3 aryvfh4x;aryvfh4x; C:\WINDOWS\system32\drivers\aryvfh4x.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []

S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []

S3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-07 85969]

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-05 15440]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]

S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\VIRUSD~1\20081106.036\NAVENG.SYS []

S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\VIRUSD~1\20081106.036\NAVEX15.SYS []

S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 PciCon;PciCon; \??\E:\PciCon.sys []

S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]

S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]

S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]

S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2007-06-18 101120]

S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2007-06-18 101120]

S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2007-06-18 101120]

S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 - Serviço de ajuda; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Programas\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]

R2 ccEvtMgr;Symantec Event Manager; C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 ccSetMgr;Symantec Settings Manager; C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 LiveUpdate Notice;LiveUpdate Notice; C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-14 155716]

R2 SmcService;Sygate Personal Firewall; C:\Programas\Sygate\SPF\smc.exe [2004-10-15 2577632]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 ZTE CDROM Monitor;ZTE CDROM Monitor; C:\WINDOWS\system32\SupportAppPT\ztemon.exe [2007-05-29 81920]

R3 NMIndexingService;NMIndexingService; C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-07-16 304528]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-05-18 407152]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 LiveUpdate;LiveUpdate; C:\Programas\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]

S3 odserv;Microsoft Office Diagnostics Service; C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\FICHEI~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-08-01 1245064]

S3 usnjsvc;Pastas Partilhadas do Messenger - USN Journal Reader Service; C:\Programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Programas\Windows Live\installer\WLSetupSvc.exe [2007-08-23 261120]

S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2007-01-05 915968]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

GMER log:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-07 18:07:38

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwEnumerateKey [0xF752CE2C]

SSDT sptd.sys ZwEnumerateValueKey [0xF752D1BA]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86F5D1E8

Device \FileSystem\Fastfat \Fat 86814430

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (Sistema & kernel NT Kernel/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (Sistema & kernel NT Kernel/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (Sistema & kernel NT Kernel/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (Sistema & kernel NT Kernel/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.14 ----

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:55:36, on 07-11-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programas\Winamp\winampa.exe

C:\Programas\Unlocker\UnlockerAssistant.exe

C:\Programas\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe

C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programas\Analog Devices\SoundMAX\Smax4.exe

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Programas\Ficheiros comuns\InstallShield\UpdateService\isuspm.exe

C:\Programas\Logitech\Gaming Software\LWEMon.exe

C:\Programas\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programas\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\DAEMON Tools\daemon.exe

C:\Programas\RocketDock\RocketDock.exe

C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

C:\Programas\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Autorun Eater\oldmcdonald.exe

C:\Programas\Autorun Eater\billy.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHEI~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [CreativeMS2020] C:\Programas\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Programas\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Flashget] C:\Programas\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programas\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Autorun Eater] C:\Programas\Autorun Eater\oldmcdonald.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Programas\RocketDock\RocketDock.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = C:\Programas\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Programas\Gnuf\Casino\casinogame.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173091029506

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHEI~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programas\Windows Live\installer\WLSetupSvc.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--

End of file - 12425 bytes

Can anyone help me?

Thank you

Edited by RogerPT


According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they may contact the moderation team to request that this topic be reopened.
