Renato Pennafort

My explorer is compromised by xfire32


I have a problem: my PC has been infected. Now every time I start the PC it gives an error in explorer and asks to be closed, and also when I plug in a USB flash drive it keeps detecting a worm and does not delete it. I believe this is the fault of this xfire32.

This is the log created by RSIT, and further down is the one created by GMER.exe.

Logfile of random's system information tool 1.04 (written by random/random)

Run by Laércio at 2008-11-20 09:28:59

Microsoft Windows XP Professional Service Pack 2

System drive C: has 19 GB (38%) free of 50 GB

Total RAM: 502 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-20 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-02-20 185896]

"Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\System32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2008-11-18 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe [2004-11-01 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\System32\igfxtray.exe [2004-11-01 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-02-20 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

C:\ARQUIV~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2

"wuauserv"=3

"W32Time"=2

"odserv"=3

"ImapiService"=3

"usnjsvc"=3

"avast! Web Scanner"=3

"avast! Mail Scanner"=3

"avast! Antivirus"=2

"aswUpdSv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2004-11-01 348160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"

"C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Laércio\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

"C:\WINDOWS\system32\xfire32.exe"="C:\WINDOWS\system32\xfire32.exe:*:Disabled:xfire32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5cb5ad-0631-11dd-b69e-001558b37ac9}]

shell\AutoRun\command - ylr.exe

shell\explore\command - ylr.exe

shell\open\command - ylr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5cb5af-0631-11dd-b69e-001558b37ac9}]

shell\AutoRun\command - aub0wb8.cmd

shell\explore\command - aub0wb8.cmd

shell\open\command - aub0wb8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98e3c8ad-411c-11dd-b6e1-001558b37ac9}]

shell\Auto\command - auto.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

shell\explore\command - jfvkcsy.bat

shell\open\command - jfvkcsy.bat

======File associations======

.js - open - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-11-20 09:29:00 ----D---- C:\Arquivos de programas\trend micro

2008-11-20 09:28:59 ----D---- C:\rsit

2008-11-20 09:21:46 ----A---- C:\WINDOWS\gmer.ini

2008-11-20 09:21:44 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-20 09:21:44 ----A---- C:\WINDOWS\gmer.exe

2008-11-20 09:21:44 ----A---- C:\WINDOWS\gmer.dll

2008-11-20 08:55:12 ----D---- C:\WINDOWS\LastGood

2008-11-20 08:38:59 ----A---- C:\ComboFix.txt

2008-11-20 08:34:51 ----A---- C:\Boot.bak

2008-11-20 08:34:44 ----RASHD---- C:\cmdcons

2008-11-20 08:33:27 ----A---- C:\WINDOWS\zip.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\VFIND.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\SWSC.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\SWREG.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\sed.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\NIRCMD.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\grep.exe

2008-11-20 08:33:27 ----A---- C:\WINDOWS\fdsv.exe

2008-11-20 08:33:21 ----D---- C:\WINDOWS\ERDNT

2008-11-20 08:33:20 ----D---- C:\Qoobox

2008-11-19 11:53:24 ----D---- C:\My Downloads

2008-11-19 11:53:21 ----RSH---- C:\WINDOWS\system32\xfire32.exe

2008-11-19 11:53:20 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-11-19 11:21:23 ----A---- C:\WINDOWS\avisplitter.INI

2008-11-19 08:56:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-11-19 08:56:25 ----D---- C:\Arquivos de programas\Lavasoft

2008-11-19 08:55:14 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-07 11:52:53 ----D---- C:\Documents and Settings\Laércio\Dados de aplicativos\CyberLink

======List of files/folders modified in the last 1 months======

2008-11-20 09:29:00 ----RD---- C:\Arquivos de programas

2008-11-20 09:21:54 ----D---- C:\WINDOWS\Prefetch

2008-11-20 09:21:46 ----D---- C:\WINDOWS

2008-11-20 09:21:44 ----D---- C:\WINDOWS\system32\drivers

2008-11-20 09:19:10 ----HD---- C:\WINDOWS\inf

2008-11-20 09:17:23 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-20 09:14:43 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-20 09:02:11 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-20 08:56:36 ----SHD---- C:\WINDOWS\Installer

2008-11-20 08:56:36 ----SHD---- C:\Config.Msi

2008-11-20 08:56:35 ----D---- C:\WINDOWS\Temp

2008-11-20 08:56:35 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-20 08:47:06 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-20 08:39:02 ----D---- C:\WINDOWS\system32

2008-11-20 08:37:26 ----A---- C:\WINDOWS\system.ini

2008-11-20 08:36:39 ----D---- C:\WINDOWS\AppPatch

2008-11-20 08:36:39 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-20 08:34:51 ----RASH---- C:\boot.ini

2008-11-20 08:31:23 ----A---- C:\WINDOWS\win.ini

2008-11-19 11:20:47 ----D---- C:\Documents and Settings\Laércio\Dados de aplicativos\uTorrent

2008-11-19 09:15:34 ----D---- C:\Arquivos de programas\eclipse

2008-11-19 08:53:09 ----SHD---- C:\System Volume Information

2008-11-18 10:14:00 ----A---- C:\WINDOWS\hpbafd.ini

2008-11-18 08:39:59 ----D---- C:\Documents and Settings\Laércio\Dados de aplicativos\Mozilla

2008-11-18 08:39:34 ----SD---- C:\WINDOWS\Tasks

2008-11-12 10:47:50 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40192]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-28 63232]

R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-28 55936]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-03-01 3959360]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-11-01 773565]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]

R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-08-03 404990]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S2 Proteq;Proteq; C:\WINDOWS\system32\drivers\Proteq.sys []

S3 aw59mfy1;aw59mfy1; C:\WINDOWS\system32\drivers\aw59mfy1.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-20 85969]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]

S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-08-03 95424]

S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-11-19 611664]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2004-02-23 65536]

R2 NwSapAgent;Agente SAP; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-08-04 73796]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2004-02-23 1515599]

S3 DB2NTSECSERVER;Servidor de Segurança do DB2; C:\Arquivos de programas\IBM\SQLLIB\BIN\db2sec.exe [2004-02-21 29816]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-06-21 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

S4 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S4 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------


GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-20 09:28:26

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE626618]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE6264D4]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE6269B2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE6260AC]

SSDT sptd.sys ZwEnumerateKey [0xF828FFB2]

SSDT sptd.sys ZwEnumerateValueKey [0xF8290340]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE6265AE]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE625FEC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE626050]

SSDT sptd.sys ZwQueryKey [0xF8290418]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE6266CE]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE62668E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE62680E]

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C30 805039E4 2 Bytes [ D4, 64 ]

.text ntkrnlpa.exe!ZwCallbackReturn + 2C90 80503A44 2 Bytes [ B2, 69 ]

.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80503B1C 2 Bytes [ AE, 65 ]

.text ntkrnlpa.exe!ZwCallbackReturn + 2E50 80503C04 2 Bytes [ CE, 66 ]

.text ntkrnlpa.exe!ZwCallbackReturn + 2EBC 80503C70 2 Bytes [ 8E, 66 ]

.text ...

? C:\WINDOWS\system32\drivers\sptd.sys O arquivo já está sendo usado por outro processo.

.text USBPORT.SYS!DllUnload F7F6B62C 5 Bytes JMP 821CA1C8

? System32\Drivers\aw59mfy1.SYS O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[256] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F828AAD4] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F828AC1A] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F828AB9C] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F828B748] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F828B61E] sptd.sys

IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F82A029A] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00BA08E0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00BA05D0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B990C0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B9A600

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00B9D770

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B9B350

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B9A930

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00B9CAB0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00B9FAB0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00B9FAF0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00BA0C30

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00B9F6A0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00B9D6D0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00B9BE70

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B9B000

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00B9B8F0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00BA11B0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00B9CE00

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00B9D530

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00B9E160

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00B9DC40

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00B9E0E0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00B9EC00

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00B9E2D0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B9ACB0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00B9BD20

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00B9FBD0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00B9DD80

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00B9D670

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00B9D230

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00B9D880

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00BA0C50

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00B9DB80

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 00BA0EF0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 00BA0E90

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 00BA10E0

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 00BA1180

IAT C:\WINDOWS\system32\xfire32.exe[2032] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 00BA0FB0

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 823661E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 821151E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 823D91E8

Device \Driver\dmio \Device\DmControl\DmConfig 823D91E8

Device \Driver\dmio \Device\DmControl\DmPnP 823D91E8

Device \Driver\dmio \Device\DmControl\DmInfo 823D91E8

Device \Driver\usbuhci \Device\USBPDO-1 821151E8

Device \Driver\usbuhci \Device\USBPDO-2 821151E8

Device \Driver\usbuhci \Device\USBPDO-3 821151E8

Device \Driver\PCI_NTPNP0732 \Device\00000054 sptd.sys

Device \Driver\usbehci \Device\USBPDO-4 820FE1E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823681E8

Device \Driver\Ftdisk \Device\HarddiskVolume2 823681E8

Device \Driver\Cdrom \Device\CdRom0 820E61E8

Device \Driver\Cdrom \Device\CdRom1 820E61E8

Device \Driver\atapi \Device\Ide\IdePort0 823671E8

Device \Driver\atapi \Device\Ide\IdePort1 823671E8

Device \Driver\atapi \Device\Ide\IdePort2 823671E8

Device \Driver\atapi \Device\Ide\IdePort3 823671E8

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 823671E8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 823671E8

Device \Driver\Cdrom \Device\CdRom2 820E61E8

Device \Driver\NetBT \Device\NetBt_Wins_Export 81E9D790

Device \Driver\NetBT \Device\NetbiosSmb 81E9D790

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 821151E8

Device \Driver\usbuhci \Device\USBFDO-1 821151E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81E411E8

Device \Driver\usbuhci \Device\USBFDO-2 821151E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 81E411E8

Device \Driver\usbuhci \Device\USBFDO-3 821151E8

Device \Driver\usbehci \Device\USBFDO-4 820FE1E8

Device \Driver\Ftdisk \Device\FtControl 823681E8

Device \Driver\aw59mfy1 \Device\Scsi\aw59mfy11Port4Path0Target0Lun0 820E21E8

Device \Driver\aw59mfy1 \Device\Scsi\aw59mfy11 820E21E8

Device \Driver\aw59mfy1 \Device\Scsi\aw59mfy11Port4Path0Target1Lun0 820E21E8

Device \FileSystem\Cdfs \Cdfs 81E341E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x00 0x8D 0x32 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x4C 0x3A 0xFA ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA0 0x83 0x6E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x59 0x3E 0xD3 0x13 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x00 0x8D 0x32 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x4C 0x3A 0xFA ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA0 0x83 0x6E ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x59 0x3E 0xD3 0x13 ...

---- EOF - GMER 1.0.14 ----


I have 4 more compromised computers...

Do I need to post their logs as well?

The next one is as follows:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-20 10:21:42

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB7310618]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB73104D4]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB73109B2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB73100AC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB73105AE]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB730FFEC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB7310050]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB73106CE]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB731068E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB731080E]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B990C0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B9A600

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00B9D770

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B9B350

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B9A930

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00B9FAB0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00B9FAF0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00BA0C30

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00B9F6A0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00B9D6D0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00B9BE70

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B9B000

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00B9B8F0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00BA11B0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00B9CE00

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00B9D530

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00B9E160

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00B9DC40

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00B9E0E0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00B9EC00

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00B9E2D0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B9ACB0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00B9BD20

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00B9FBD0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00B9DD80

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00B9D670

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00B9D230

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00B9D880

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00BA0C50

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00B9DB80

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00B9CAB0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 00BA0EF0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 00BA0E90

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 00BA10E0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 00BA1180

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 00BA0FB0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00BA08E0

IAT C:\WINDOWS\system32\xfire32.exe[1760] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00BA05D0

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.14 ----

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrador at 2008-11-20 10:21:53

Microsoft Windows XP Professional Service Pack 2

System drive C: has 231 GB (97%) free of 238 GB

Total RAM: 2047 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:22:05, on 20/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\xfire32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\xfire32.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\EloSrvce.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\EloDkMon.exe

C:\WINDOWS\system32\EloTTray.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Administrador.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Proyecto1] C:\WINDOWS\smms.exe

O4 - HKLM\..\Run: [Xfire32] xfire32.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunServices: [Xfire32] xfire32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EloSystemService - Elo Touchsystems - C:\WINDOWS\system32\EloSrvce.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5817 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

"Proyecto1"=C:\WINDOWS\smms.exe []

"Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

C:\ARQUIV~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\WINDOWS\system32\xfire32.exe"="C:\WINDOWS\system32\xfire32.exe:*:Disabled:xfire32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f32ede1-9537-11dd-8b1f-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38135741-946a-11dd-8b1d-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b256426-9b80-11dd-8b2b-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e55e629-7ffb-11dd-8af5-001d7d8b7aad}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74834629-b4a7-11dd-8b4e-001d7d8b7aad}]

shell\AutoRun\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e78-80d8-11dd-8afe-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e79-80d8-11dd-8afe-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b08df9-8968-11dd-8b07-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

======List of files/folders created in the last 1 months======

2008-11-20 10:21:53 ----D---- C:\rsit

2008-11-20 10:21:53 ----D---- C:\Arquivos de programas\trend micro

2008-11-20 10:17:20 ----A---- C:\WINDOWS\gmer.ini

2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.exe

2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.dll

2008-11-19 11:40:37 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Help

2008-11-19 11:35:19 ----D---- C:\Arquivos de programas\Random Number Generator Pro

2008-11-19 10:04:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

2008-11-19 09:18:09 ----D---- C:\Arquivos de programas\Lavasoft

2008-11-19 09:18:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-19 09:10:58 ----D---- C:\WINDOWS\pss

2008-11-13 13:25:25 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-13 13:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-13 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-13 12:20:37 ----D---- C:\My Downloads

2008-11-13 12:20:36 ----RSH---- C:\WINDOWS\system32\xfire32.exe

2008-11-13 12:20:36 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-10-29 18:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-20 10:22:04 ----D---- C:\Temp

2008-11-20 10:21:53 ----D---- C:\Arquivos de programas

2008-11-20 10:17:20 ----D---- C:\WINDOWS

2008-11-20 10:17:19 ----D---- C:\WINDOWS\system32\drivers

2008-11-20 10:16:44 ----D---- C:\WINDOWS\Prefetch

2008-11-20 10:02:50 ----D---- C:\WINDOWS\Temp

2008-11-19 15:23:57 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-19 10:04:41 ----D---- C:\WINDOWS\system32

2008-11-19 10:01:33 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-19 09:19:35 ----SHD---- C:\WINDOWS\Installer

2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-19 09:17:20 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-19 09:14:11 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-19 09:12:15 ----HD---- C:\WINDOWS\inf

2008-11-19 09:12:15 ----D---- C:\WINDOWS\Help

2008-11-19 09:11:49 ----SH---- C:\boot.ini

2008-11-19 09:11:49 ----A---- C:\WINDOWS\win.ini

2008-11-19 09:11:49 ----A---- C:\WINDOWS\system.ini

2008-11-13 13:23:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-13 13:21:58 ----D---- C:\WINDOWS\$hf_mig$

2008-11-13 13:21:56 ----A---- C:\WINDOWS\imsins.BAK

2008-11-13 12:20:37 ----D---- C:\Program Files

2008-11-03 21:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-21 09:02:44 ----D---- C:\Arquivos de programas\ESET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2008-09-12 3026]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

R3 EloBus;Elobus Filter Driver; C:\WINDOWS\system32\DRIVERS\EloBus.sys [2007-05-04 14336]

R3 EloSer;Elo Serial Driver; C:\WINDOWS\system32\DRIVERS\EloSer.sys [2007-05-03 108672]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-20 85969]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-11-19 611664]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

R2 EloSystemService;EloSystemService; C:\WINDOWS\system32\EloSrvce.exe [2007-05-03 45056]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Goog




And the RSIT log

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrador at 2008-11-20 10:21:53

Microsoft Windows XP Professional Service Pack 2

System drive C: has 231 GB (97%) free of 238 GB

Total RAM: 2047 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:22:05, on 20/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\xfire32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\xfire32.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\EloSrvce.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\EloDkMon.exe

C:\WINDOWS\system32\EloTTray.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Administrador.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Proyecto1] C:\WINDOWS\smms.exe

O4 - HKLM\..\Run: [Xfire32] xfire32.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunServices: [Xfire32] xfire32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{217BB840-6CD8-4C23-90F7-9B5BEC64F08F}: NameServer = 10.15.1.14,10.15.1.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EloSystemService - Elo Touchsystems - C:\WINDOWS\system32\EloSrvce.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5817 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\arquivos de programas\google\googletoolbar1.dll [2008-10-03 2423872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

"Proyecto1"=C:\WINDOWS\smms.exe []

"Xfire32"=C:\WINDOWS\system32\xfire32.exe [2007-06-13 851968]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

C:\ARQUIV~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\WINDOWS\system32\xfire32.exe"="C:\WINDOWS\system32\xfire32.exe:*:Disabled:xfire32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f32ede1-9537-11dd-8b1f-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38135741-946a-11dd-8b1d-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b256426-9b80-11dd-8b2b-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e55e629-7ffb-11dd-8af5-001d7d8b7aad}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74834629-b4a7-11dd-8b4e-001d7d8b7aad}]

shell\AutoRun\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e78-80d8-11dd-8afe-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78145e79-80d8-11dd-8afe-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b08df9-8968-11dd-8b07-001d7d8b7aad}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

======List of files/folders created in the last 1 months======

2008-11-20 10:21:53 ----D---- C:\rsit

2008-11-20 10:21:53 ----D---- C:\Arquivos de programas\trend micro

2008-11-20 10:17:20 ----A---- C:\WINDOWS\gmer.ini

2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.exe

2008-11-20 10:17:19 ----A---- C:\WINDOWS\gmer.dll

2008-11-19 11:40:37 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Help

2008-11-19 11:35:19 ----D---- C:\Arquivos de programas\Random Number Generator Pro

2008-11-19 10:04:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

2008-11-19 09:18:09 ----D---- C:\Arquivos de programas\Lavasoft

2008-11-19 09:18:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-19 09:10:58 ----D---- C:\WINDOWS\pss

2008-11-13 13:25:25 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-13 13:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-13 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-13 12:20:37 ----D---- C:\My Downloads

2008-11-13 12:20:36 ----RSH---- C:\WINDOWS\system32\xfire32.exe

2008-11-13 12:20:36 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-10-29 18:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-20 10:22:04 ----D---- C:\Temp

2008-11-20 10:21:53 ----D---- C:\Arquivos de programas

2008-11-20 10:17:20 ----D---- C:\WINDOWS

2008-11-20 10:17:19 ----D---- C:\WINDOWS\system32\drivers

2008-11-20 10:16:44 ----D---- C:\WINDOWS\Prefetch

2008-11-20 10:02:50 ----D---- C:\WINDOWS\Temp

2008-11-19 15:23:57 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-19 10:04:41 ----D---- C:\WINDOWS\system32

2008-11-19 10:01:33 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-19 09:19:35 ----SHD---- C:\WINDOWS\Installer

2008-11-19 09:17:49 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-19 09:17:20 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-19 09:14:11 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-19 09:12:15 ----HD---- C:\WINDOWS\inf

2008-11-19 09:12:15 ----D---- C:\WINDOWS\Help

2008-11-19 09:11:49 ----SH---- C:\boot.ini

2008-11-19 09:11:49 ----A---- C:\WINDOWS\win.ini

2008-11-19 09:11:49 ----A---- C:\WINDOWS\system.ini

2008-11-13 13:23:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-13 13:21:58 ----D---- C:\WINDOWS\$hf_mig$

2008-11-13 13:21:56 ----A---- C:\WINDOWS\imsins.BAK

2008-11-13 12:20:37 ----D---- C:\Program Files

2008-11-03 21:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-21 09:02:44 ----D---- C:\Arquivos de programas\ESET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2008-09-12 3026]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

R3 EloBus;Elobus Filter Driver; C:\WINDOWS\system32\DRIVERS\EloBus.sys [2007-05-04 14336]

R3 EloSer;Elo Serial Driver; C:\WINDOWS\system32\DRIVERS\EloSer.sys [2007-05-03 108672]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-20 85969]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-11-19 611664]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

R2 EloSystemService;EloSystemService; C:\WINDOWS\system32\EloSrvce.exe [2007-05-03 45056]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Goog


Please post a new log from RSIT only.






About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.

Copyright

We do not permit copying or reproduction of the content of our site, forum, newsletters and social networks, even when the source is cited.