

P.Berti's Content

There have been 2 items by P.Berti (Search limited from 29/03/2023)



#983106 Computer Extremely Slow - I Suspect Malware

Posted by P.Berti on 08/10/2009, 19:32 in Solved Cases

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

Select the entries above and click Fix Checked.

From what I analysed, your problem is not a virus. The slowness may be caused by the system you are using itself; ask for help in the Hardware section on how you can improve the computer's performance by replacing or adding some hardware.



Thank you. I really appreciate the attention.



#982779 Computer Extremely Slow - I Suspect Malware

Posted by P.Berti on 05/10/2009, 23:01 in Solved Cases

My computer is extremely slow. I suspected it had some keylogger, since my webmail accounts (Hotmail, Gmail and Yahoo) were broken into, messages were deleted, and who knows what else they did.

I installed Spybot, PC Tools Antivirus and PC Tools Firewall Plus, in addition to changing the passwords of all my e-mail accounts for the third time.

I don't know whether that solved anything. But my computer is still far too slow and I cannot format it at the moment.

I would like your help analysing the HijackThis log, along with whatever guidance turns out to be necessary.

Thanks in advance.

Paulo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:36, on 05/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Arquivos de programas\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Arquivos de programas\PC Tools Firewall Plus\FWService.exe
C:\Arquivos de programas\RALINK\Common\RalinkRegistryWriter.exe
C:\ARQUIV~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Arquivos de programas\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Arquivos de programas\Arquivos comuns\Siemens\S7IEPG\s7oiehsx.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Arquivos de programas\Arquivos comuns\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Siemens\S7ubtoox\s7ubtstx.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Arquivos de programas\PC Tools Firewall Plus\FirewallGUI.exe
C:\Arquivos de programas\PC Tools AntiVirus\PCTAV.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe
C:\Arquivos de programas\Arquivos comuns\Siemens\Sqlany\dbsrv7.exe
C:\Arquivos de programas\DAP\DAP.EXE
C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Arquivos de programas\FasLink\FasLinkAgent.exe
C:\ARQUIV~1\NetJet\NJPRIN~2.EXE
C:\Arquivos de programas\Hamachi\hamachi.exe
C:\ARQUIV~1\NetJet\IJStg.exe
C:\Arquivos de programas\Borland\Delphi7\Bin\delphi32.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dpitec.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Arquivos de programas\Arquivos comuns\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [\\192.168.0.10\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P38 "\\192.168.0.10\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [00PCTFW] "C:\Arquivos de programas\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [PCTAVApp] "C:\Arquivos de programas\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CognexOpc] "C:\Arquivos de programas\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" -I
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FasLink.lnk = C:\Arquivos de programas\FasLink\FasLinkAgent.exe
O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1247605763265
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O23 - Service: ACT! Scheduler - Unknown owner - C:\Arquivos de programas\ACT\Act for Windows\Act.Scheduler.exe (file missing)
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Arquivos de programas\Arquivos comuns\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - C:\Arquivos de programas\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Arquivos de programas\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Arquivos de programas\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Arquivos de programas\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Arquivos de programas\PC Tools Firewall Plus\FWService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - c:\arquivos de programas\arquivos comuns\protexis\license service\psiservice_2.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Arquivos de programas\Arquivos comuns\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\ARQUIV~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Arquivos de programas\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Arquivos de programas\Arquivos comuns\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: ThreatFire - Unknown owner - C:\Arquivos de programas\ThreatFire\TFService.exe (file missing)

--
End of file - 13919 bytes


To complete the topic: on 16/09 I ran avast! in boot-time scan mode, with the following result:

* Relatório do avast!
* Este arquivo é gerado automaticamente
*
* Foi usada a tarefa 'Proteção residente'
* Iniciada em quarta-feira, 16 de setembro de 2009 23:32:13
* VPS: 090916-0, 16/09/2009
*

C:\Qoobox\Quarantine\C\Muestras\111WFS1INTWQ.SYS.Muestra EliBagle v12.78.vir [L] Win32:Beagle-AAW [Trj] (0)
O arquivo foi excluído com sucesso...
C:\Qoobox\Quarantine\C\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.78.vir [L] Win32:Rootkit-gen [Rtk] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP221\A0069624.exe [L] Win32:Rootkit-gen [Rtk] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069750.sys [L] Win32:Beagle-AAW [Trj] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069830.sys [L] Win32:Beagle-AAW [Trj] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069855.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069856.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069857.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069955.sys [L] Win32:Beagle-AAW [Trj] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069958.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069960.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP225\A0069961.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070031.sys [L] Win32:Beagle-AAW [Trj] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070036.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070038.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070039.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070447.sys [L] Win32:Beagle-AAW [Trj] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070450.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070452.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070453.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070487.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070491.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070492.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070494.exe [L] Win32:Trojan-gen {Other} (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070495.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070496.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070497.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070498.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070499.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070500.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070501.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070502.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070503.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070504.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070505.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070506.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070507.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070509.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070510.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070511.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070512.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070513.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070514.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070515.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070516.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070517.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070518.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070519.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070520.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070521.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070522.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070523.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070524.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070525.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070508.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070526.exe [L] Win32:Beagle-AHD [Wrm] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP226\A0070772.sys [L] Win32:Beagle-AAW [Trj] (0)
O arquivo foi excluído com sucesso...
C:\System Volume Information\_restore{F7BE0C8C-E017-4334-A78C-180B12341FD0}\RP227\A0070834.exe [L] Win32:Rootkit-gen [Rtk] (0)
O arquivo foi excluído com sucesso...


Finally, to complete the information: on 17/09 I also ran ComboFix, with the result shown below.

I hope I have provided the information needed for a diagnosis, for which I thank you in advance.

Paulo Berti.


ComboFix 09-09-16.05 - paulo 17/09/2009 8:50.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1014.285 [GMT -3:00]
Executando de: c:\documents and settings\paulo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090916-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\MSDN\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSA\9.0\1033\ResourceCache.dll
c:\windows\3PUPRPPPPPfmis
c:\windows\3PUPRPPPPPfmis0000000000000000000.DLL
c:\windows\Installer\2fc5a.msi
c:\windows\Installer\7a4ed.msi
c:\windows\jestertb.dll
c:\windows\system32\3PUPRPPPPPfmis
c:\windows\system32\3PUPRPPPPPfmis0000000000000000000.DLL
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-17 to 2009-09-17 ))))))))))))))))))))))))))))
.

2009-09-17 09:38 . 2009-09-17 09:38 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-09-17 02:36 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 02:36 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 02:36 . 2009-09-17 02:36 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-17 01:40 . 2009-09-17 01:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-09-17 01:40 . 2009-09-17 01:53 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-09-17 01:21 . 2009-09-17 01:21 -------- d-----w- c:\arquivos de programas\Safer Networking
2009-09-13 13:28 . 2009-09-13 13:28 4930 ----a-w- c:\windows\system32\drivers\hwinterface32B01.sys
2009-09-13 12:19 . 2009-09-13 12:19 3026 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2009-09-11 22:58 . 2009-09-11 22:58 53760 ----a-w- c:\documents and settings\paulo\z.dll
2009-09-11 22:58 . 2009-09-11 22:58 53760 ----a-w- c:\windows\system32\z.dll
2009-09-10 14:51 . 2009-09-10 14:51 -------- d-----w- c:\documents and settings\paulo\.netbeans-derby
2009-09-10 14:48 . 2009-09-10 14:51 -------- d-----w- c:\documents and settings\paulo\.netbeans
2009-09-10 14:48 . 2009-09-10 14:48 -------- d-----w- c:\documents and settings\paulo\.netbeans-registration
2009-09-10 14:46 . 2009-09-10 14:48 -------- d-----w- c:\arquivos de programas\NetBeans 6.7.1
2009-09-10 14:45 . 2009-09-10 14:45 -------- d-----w- c:\arquivos de programas\Sun
2009-09-10 14:40 . 2009-09-10 14:49 -------- d-----w- c:\documents and settings\paulo\.nbi
2009-09-08 10:45 . 2009-09-08 10:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-04 18:25 . 2009-09-08 10:45 -------- d-----w- c:\arquivos de programas\Minimodem USB
2009-08-27 22:30 . 2005-01-14 14:01 21536 ----a-w- c:\windows\system32\drivers\s7oupc2x.sys
2009-08-27 22:30 . 2005-01-14 14:02 32768 ----a-w- c:\windows\system32\s7ocop2x.dll
2009-08-26 18:01 . 2009-08-26 20:25 -------- d-----w- c:\arquivos de programas\BAR-ONE 6 Lite
2009-08-26 17:59 . 2009-08-26 17:59 -------- d-----w- C:\B1LiteInstall
2009-08-26 17:56 . 2009-08-26 17:56 -------- d-----w- C:\My Documents
2009-08-26 17:56 . 2009-08-26 17:56 -------- d-----w- c:\arquivos de programas\Zebra
2009-08-22 14:48 . 2009-08-22 14:48 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2009-08-22 14:39 . 2009-09-17 11:29 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-08-22 14:38 . 2009-08-22 14:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-08-22 14:38 . 2009-08-22 14:46 -------- d-----w- c:\arquivos de programas\DAP

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 12:02 . 2009-03-29 13:13 608000 ----a-w- c:\documents and settings\paulo\events.bin
2009-09-17 12:00 . 2008-12-23 19:41 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\Hamachi
2009-09-17 03:00 . 2008-11-06 23:50 -------- d-----w- c:\arquivos de programas\LogMeIn
2009-09-10 14:45 . 2009-04-28 20:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-10 14:45 . 2009-04-28 20:25 -------- d-----w- c:\arquivos de programas\Java
2009-09-08 10:51 . 2008-11-06 23:50 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-08 10:51 . 2008-11-06 23:50 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-08 10:51 . 2008-10-16 22:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 10:51 . 2008-11-06 23:50 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-08 10:51 . 2008-10-16 22:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-08 10:44 . 2009-04-23 16:53 -------- d-----w- c:\arquivos de programas\OxelonMedia
2009-09-04 18:25 . 2008-02-01 15:45 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-04 13:50 . 2008-11-23 13:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-09-02 18:15 . 2008-07-26 11:52 -------- d-----w- c:\arquivos de programas\Cognex
2009-09-01 22:41 . 2009-01-28 21:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Cognex
2009-08-28 22:13 . 2008-02-02 16:01 -------- d-----w- c:\arquivos de programas\Deephi 2.0
2009-08-27 22:29 . 2009-03-28 16:22 -------- d-----w- c:\arquivos de programas\Siemens
2009-08-26 23:58 . 2009-04-06 16:09 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\uTorrent
2009-08-26 23:12 . 2008-02-02 16:03 -------- d-----w- c:\arquivos de programas\Deephi
2009-08-23 11:29 . 2009-05-28 21:24 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\Dev-Cpp
2009-08-21 13:36 . 2009-08-10 18:44 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\FileZilla
2009-08-20 18:22 . 2009-01-18 22:19 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\Roxio
2009-08-18 16:40 . 2009-08-10 18:43 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client
2009-08-17 16:10 . 2009-07-21 00:04 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-07-21 00:04 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-07-21 00:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-07-21 00:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-21 00:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-07-21 00:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-21 00:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-07-21 00:04 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-07-21 00:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 14:01 . 2009-06-01 20:12 -------- d-----w- c:\arquivos de programas\NetJet
2009-08-11 19:05 . 2008-03-23 15:15 -------- d-----w- c:\arquivos de programas\Delphi Dev
2009-08-07 15:45 . 2009-08-07 15:45 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\Cognex
2009-08-04 13:59 . 2009-08-04 13:59 -------- d-----w- c:\arquivos de programas\Mep Texto Open
2009-07-31 21:03 . 2009-07-31 20:38 -------- d-----w- c:\arquivos de programas\LeaderGL_FlexEditor
2009-07-31 13:52 . 2009-07-31 13:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software
2009-07-31 13:45 . 2009-07-31 13:34 -------- d-----w- c:\arquivos de programas\Motorola Phone Tools
2009-07-31 13:41 . 2009-07-31 13:36 -------- d-----w- c:\arquivos de programas\Avanquest update
2009-07-31 13:33 . 2009-07-31 13:33 24192 ----a-w- c:\documents and settings\paulo\usbsermptxp.sys
2009-07-31 13:33 . 2009-07-31 13:33 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2009-07-31 13:33 . 2009-07-31 13:33 22768 ----a-w- c:\documents and settings\paulo\usbsermpt.sys
2009-07-28 18:03 . 2009-07-28 18:03 -------- d-----w- c:\arquivos de programas\Opera
2009-07-23 21:13 . 2009-07-23 21:13 636768 ----a-w- C:\VirtualExpander_v25.exe
2009-07-23 12:53 . 2009-07-23 12:53 -------- d-----w- c:\arquivos de programas\EPSON
2009-07-23 00:09 . 2009-07-23 00:08 7945496 ----a-w- C:\Firefox Setup 3.5.1.exe
2009-07-20 23:59 . 2009-07-20 20:18 360480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-20 23:59 . 2009-07-20 20:18 3360 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-20 23:59 . 2009-07-20 20:18 2046496 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-20 23:59 . 2009-07-20 20:18 18116 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-20 22:06 . 2001-09-28 12:00 615520 ----a-w- c:\windows\system32\perfh016.dat
2009-07-20 22:06 . 2001-09-28 12:00 139608 ----a-w- c:\windows\system32\perfc016.dat
2009-07-20 22:03 . 2009-07-20 22:03 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-20 21:50 . 2009-04-23 16:25 -------- d-----w- c:\arquivos de programas\MediaXW
2009-07-20 21:39 . 2009-07-20 20:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-07-20 21:33 . 2009-07-20 20:15 -------- d--h--w- c:\documents and settings\paulo\Dados de aplicativos\drivers
2009-07-20 20:36 . 2008-01-29 20:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-20 20:36 . 2009-07-20 20:19 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-20 20:36 . 2009-07-20 20:19 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-20 20:31 . 2009-07-20 20:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion
2009-07-20 20:18 . 2009-07-20 20:18 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2009-07-20 20:13 . 2008-11-02 13:34 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\Yahoo!
2009-07-20 20:13 . 2009-07-20 17:50 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-07-20 20:13 . 2009-07-20 19:45 -------- d-----w- c:\arquivos de programas\CCleaner
2009-07-20 19:26 . 2000-06-08 16:15 50176 ----a-w- c:\windows\LogWatNT.exe
2009-07-20 19:23 . 2009-07-20 19:23 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\Malwarebytes
2009-07-20 19:23 . 2009-07-20 19:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-07-20 18:15 . 2009-07-04 16:30 -------- d-----w- c:\arquivos de programas\SisConMed
2009-07-20 17:45 . 2009-07-20 14:30 -------- d-----w- c:\arquivos de programas\DreaMule
2009-07-20 17:36 . 2009-07-20 17:36 -------- d-----w- c:\arquivos de programas\Alwil Software
2009-07-20 17:22 . 2009-07-20 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-07-20 17:18 . 2009-07-20 14:20 -------- d-----w- c:\arquivos de programas\eMule
2009-07-20 17:07 . 2009-07-20 17:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\Lavasoft
2009-07-20 15:54 . 2009-07-20 15:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR
2009-07-20 15:51 . 2009-07-20 15:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Roxio
2009-07-20 15:14 . 2009-07-20 15:14 -------- d-----w- c:\documents and settings\paulo\Dados de aplicativos\AVGTOOLBAR
2009-07-04 22:22 . 2009-07-04 14:30 331776 ------w- c:\windows\Setup1.exe
2009-07-04 22:22 . 2009-07-04 14:30 119568 ------w- c:\windows\vb6es.dll
2009-07-04 22:22 . 2009-07-04 14:30 74240 ----a-w- c:\windows\ODEUNST.EXE
2009-07-04 22:22 . 2009-07-04 14:30 151622 ------w- c:\windows\modcas.dll
2009-07-04 22:22 . 2009-07-04 14:30 1388544 ------w- c:\windows\msvbvm60.dll
2009-07-04 22:22 . 2009-07-04 14:30 101888 ------w- c:\windows\odestkit.dll
2009-07-04 21:36 . 2009-07-04 21:36 278448 ----a-w- c:\windows\ilib31ht.dll
2008-04-01 01:16 . 2008-04-01 01:16 14298 ----a-w- c:\arquivos de programas\settings.dat
2006-12-29 17:15 . 2009-03-02 19:08 3100672 ----a-w- c:\arquivos de programas\Arquivos comuns\sapxlhelper.dll
2006-12-29 17:15 . 2009-03-02 19:08 626688 ----a-w- c:\arquivos de programas\Arquivos comuns\sapconsaccess.dll
2006-12-29 17:15 . 2009-03-02 19:08 192512 ----a-w- c:\arquivos de programas\Arquivos comuns\sapconsr3.dll
2006-12-29 17:15 . 2009-03-02 19:08 40960 ----a-w- c:\arquivos de programas\Arquivos comuns\DigitalSignature.ocx
2006-12-07 12:26 . 2009-03-02 19:08 1124864 ----a-w- c:\arquivos de programas\Arquivos comuns\SAPActiveXL_nosig.xlt
2006-12-07 12:26 . 2009-03-02 19:08 1129984 ----a-w- c:\arquivos de programas\Arquivos comuns\SAPActiveXL.xlt
2007-08-09 16:08 . 2008-04-18 08:57 8784 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 16:10 . 2008-04-18 08:57 245408 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\unicows.dll
2009-08-22 14:38 . 2009-08-23 11:08 251392 ----a-w- c:\arquivos de programas\opera\program\plugins\dapop.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognexOpc"="c:\arquivos de programas\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" [2008-09-11 86016]
"SysBrand"="c:\arquiv~1\iGv6\sysbrand.exe" [2004-12-08 36864]
"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-08-22 2799104]
"SpeedBitVideoAccelerator"="c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-08-22 1443432]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-27 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"RoxioEngineUtility"="c:\arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"S7UB Start"="c:\arquivos de programas\Arquivos comuns\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-18 110645]
"\\192.168.0.10\EPSON Stylus C67 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE" [2005-01-25 98304]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-10 149280]
"Internet Explorer"="c:\arquivos de programas\internet explorer\ie\iexplore.exe" [2009-09-11 100864]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-19 544768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\paulo\Menu Iniciar\Programas\Inicializar\
FasLink.lnk - c:\arquivos de programas\FasLink\FasLinkAgent.exe [2007-1-4 98304]
hamachi.lnk - c:\arquivos de programas\Hamachi\hamachi.exe [2008-12-23 625952]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2008-3-25 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-08 10:51 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Arquivos de programas\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
"c:\\Arquivos de programas\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Siemens\\SQLANY\\dbsrv7.exe"=
"c:\\Arquivos de programas\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Arquivos de programas\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\paulo\\Meus documentos\\Downloads\\Adobe_Dreamweaver_CS4 + CRACK\\Adobe_Dreamweaver_CS4 + CRACK.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\arquivos de programas\\internet explorer\\ie\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port 135 TCP

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [04/08/2005 17:51 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [19/12/2005 00:15 28800]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/07/2009 21:04 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [13/09/2009 09:19 3026]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\drivers\hwinterface32B01.sys [13/09/2009 10:28 4930]
R2 almservice;Automation License Manager Service;c:\arquivos de programas\Arquivos comuns\Siemens\SWS\almsrv\almsrvx.exe [21/07/2005 11:40 622654]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2009 21:04 20560]
R2 Cognex.InSight.OpcServer;Cognex OPC Server;c:\arquivos de programas\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe [10/09/2008 23:46 28672]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [28/03/2009 13:47 30224]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/07/2008 17:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [06/11/2008 20:50 47640]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 04:29 29178224]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\arquivos de programas\RALINK\Common\RalinkRegistryWriter.exe [14/07/2009 19:23 75040]
R2 s7asysvx;S7 Global Services;c:\arquivos de programas\Siemens\Step7\S7BIN\s7asysvx.exe [26/07/2004 20:13 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\arquivos de programas\Arquivos comuns\Siemens\S7IEPG\s7oiehsx.exe [14/07/2005 17:07 200769]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [14/07/2005 09:29 175159]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [28/03/2009 13:52 70912]
R2 scpdrv;scpdrv;c:\arquivos de programas\Arquivos comuns\Siemens\SWS\plugins\scp\scpdrv.sys [14/10/2003 01:44 26944]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 ACT! Scheduler;ACT! Scheduler;"c:\arquivos de programas\ACT\Act for Windows\Act.Scheduler.exe" --> c:\arquivos de programas\ACT\Act for Windows\Act.Scheduler.exe [?]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [04/09/2009 15:21 81920]
S2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [08/06/2000 13:15 50176]
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [03/06/2004 04:08 71448]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\drivers\HSPADataCardusbmdm.sys [10/04/2009 18:53 104960]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\drivers\HSPADataCardusbnmea.sys [10/04/2009 18:53 104960]
S3 HSPADataCardusbser6k;HSPADataCard Diagnostic Port;c:\windows\system32\drivers\HSPADataCardusbser6k.sys [10/04/2009 18:53 104960]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [14/07/2009 19:23 16512]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [03/06/2004 04:08 142592]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [03/06/2004 04:08 30166]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [03/06/2004 04:08 155440]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18/10/2002 01:34 30512]
S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [27/08/2009 19:30 21536]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.dpitec.com.br/
mSearch Bar = hxxp://farejador.ig.com.br/ie/
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\arquiv~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\paulo\Dados de aplicativos\Mozilla\Firefox\Profiles\10d9vobv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dpitec.com.br
FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\documents and settings\paulo\Dados de aplicativos\Mozilla\Firefox\Profiles\10d9vobv.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\paulo\Dados de aplicativos\Mozilla\Firefox\Profiles\10d9vobv.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Act.Outlook.Service - c:\arquivos de programas\ACT\Act for Windows\Act.Outlook.Service.exe
HKLM-Run-Act! Preloader - c:\arquivos de programas\ACT\Act for Windows\ActSage.exe
HKLM-Run-Discador iG - c:\arquivos de programas\iGv6\Discador iG.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0416.EXE -fc:\arquivos de programas\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-GRAPH 7 - c:\windows\IsUninst.exe -fc:\arquivos de programas\Siemens\Step7\S7gr7\DeIsL1.isu
AddRemove-InstallShield_{0E99D7D9-A9A8-497A-9982-AB7ABA3841F8} - c:\arquivos de programas\InstallShield Installation Information\{0E99D7D9-A9A8-497A-9982-AB7ABA3841F8}\setup.exe
AddRemove-PC Adapter USB - c:\windows\IsUninst.exe -fc:\arquivos de programas\SIEMENS\PC Adapter USB\DeIsL1.isu
AddRemove-PLCSim - c:\windows\IsUninst.exe -fc:\arquivos de programas\Siemens\Plcsim\S7WSI\DeIsL1.isu
AddRemove-SCL - c:\windows\IsUninst.exe -fc:\arquivos de programas\Siemens\Step7\S7scl\DeIsL1.isu
AddRemove-SisConMed - c:\arquivos de programas\SisConMed\uninstall.exe
AddRemove-vbcpp40 - c:\windows\ISUNINST.EXE -fc:\inprise\vbroker\vbcppdev.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 09:02
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(944)
c:\arquiv~1\SPEEDB~1\sblsp.dll
c:\arquivos de programas\SpeedBit Video Accelerator\ConfigDB.dll
c:\arquivos de programas\SpeedBit Video Accelerator\Accelerator.dll
c:\arquivos de programas\SpeedBit Video Accelerator\CommPipe.dll
c:\arquivos de programas\SpeedBit Video Accelerator\Collector.dll
.
Tempo para conclusão: 2009-09-17 9:05
ComboFix-quarantined-files.txt 2009-09-17 12:05
ComboFix2.txt 2009-07-20 21:48

Pré-execução: 5.889.994.752 bytes disponíveis
Pós execução: 5.847.597.056 bytes disponíveis

355 --- E O F --- 2009-04-16 10:18




