[Resolvido!] Máquina muito lenta

Tigre13 · Dezembro 8, 2008

Olá,

Demora muito para inicilalizar e desligar, além estar muito, muito, muito lenta para abrir qualquer programa que presico usar, já estou enviando o log do hijack, conforme regra 02.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:18:29, on 8/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\PaperCut Print Logger\pcpl.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\csrcs.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJack\HiJackThis.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\net.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-21-57989841-1614895754-725345543-1003\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe (User '?')

O4 - HKUS\S-1-5-21-57989841-1614895754-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-57989841-1614895754-725345543-1003\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (User '?')

O4 - Global Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{56A482EE-889F-4B5A-97D5-F22A86B01873}: NameServer = 192.168.1.254

O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe.exe:ext.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: PaperCut Print Logger (PCPrintLogger) - GenevaLogic Ltd - C:\Arquivos de programas\PaperCut Print Logger\pcpl.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - (no file)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 9489 bytes

MGuitar · Dezembro 8, 2008

1ª Etapa

Execute o HijackThis e clique em Open the Misc Tools Section. Clique no botão Delete an NT Service. Na caixa que abrir digite: FCI e aperte o botão OK. Reinicie a máquina.

2ª Etapa

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;

● Duplo clique no ícone combofix.exe para iniciar o scan;

● Leia o contrato que aparecerá e clique em Sim para continuar;

● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;

● Aguarde enquanto o ComboFix faz o scan;

● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;

● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;

● Se quiser sair ou parar o ComboFix, tecle N;

● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;

● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta, juntamente com um novo log do HijackThis.

Tigre13 · Dezembro 8, 2008

Olá, já executei sua solicitação, segue abaixo log do ComboFix e novo do HiJack

ComboFix 08-12-07.01 - DOIS 2008-12-08 17:41:12.1 - FAT32x86

Executando de: c:\documents and settings\DOIS\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\ActivationManager

c:\arquivos de programas\ActivationManager\Uninstall.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\csrcs.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_FCI

-------\Service_FCI

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-08 to 2008-12-08 ))))))))))))))))))))))))))))

.

2008-12-08 17:25 . 2008-12-08 17:25 93 --a------ c:\windows\wininit.ini

2008-12-08 15:17 . 2008-12-08 15:17 <DIR> d-------- C:\HiJack

2008-12-07 19:46 . 2008-12-07 19:46 162,308 --a------ C:\ysini.exe

2008-12-07 19:46 . 2008-12-07 19:46 135,936 --a------ c:\windows\system32\drivers\ethyscsp.sys

2008-12-07 19:46 . 2008-12-07 19:46 3,584 --a------ c:\windows\vcvybxmm.exe

2008-12-07 19:45 . 2008-12-07 19:45 88,064 --a------ C:\tirwv.exe

2008-12-07 19:45 . 2008-12-07 19:45 9,728 --a------ c:\windows\system32\ub.exe

2008-12-03 20:44 . 2008-12-03 20:44 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-02 17:52 . 2008-12-02 17:52 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-12-02 17:52 . 2008-12-02 17:52 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

2008-12-01 10:46 . 2008-12-01 10:46 705 --a------ C:\mggiu.exe

2008-11-30 13:16 . 2008-11-30 13:16 420,596 --a------ c:\windows\system32\cftm.exe

2008-11-30 12:57 . 2008-11-30 12:57 0 -rahs---- C:\khr

2008-11-27 17:07 . 2008-11-27 17:07 29 --a------ c:\windows\system32\qpwaarsq.tmp

2008-11-27 17:00 . 2008-12-01 10:46 705 --a------ C:\kuvj.exe

2008-11-27 17:00 . 2008-12-07 19:46 2 --a------ C:\1171739473

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-04 16:35 2,776 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-19 23:42 87,352 ----a-w c:\windows\system32\LMIinit.dll

2008-10-19 23:42 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll

2008-10-19 23:42 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys

2008-10-19 23:42 28,984 ----a-w c:\windows\system32\LMIport.dll

2008-10-19 23:42 23,736 ----a-w c:\windows\system32\LMImirr.dll

2008-10-19 23:42 10,040 ----a-w c:\windows\system32\LMImirr2.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll

2008-10-03 16:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 14:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-15 14:40 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys

2006-10-12 19:17 3,072 ----a-w c:\arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll

2006-02-13 14:07 245,408 ----a-w c:\arquivos de programas\mozilla firefox\plugins\unicows.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Reminder"="c:\arquivos de programas\Microsoft Money\System\reminder.exe" [1998-07-25 36864]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]

"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"vptray"="c:\arquiv~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-03 136600]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

SpeedFan.lnk - c:\arquivos de programas\SpeedFan\speedfan.exe [2005-09-13 2469376]

VIA RAID TOOL.lnk - c:\arquivos de programas\VIA\RAID\raid_tool.exe [2008-02-08 565248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\arquiv~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-19 21:42 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.l3fhg"= mp3fhg.acm

"msacm.imc"= imc32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Azureus.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Azureus.lnk

backup=c:\windows\pss\Azureus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 c:\arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

--a------ 2002-10-01 15:57 94208 c:\arquivos de programas\CyberLink\PowerVCRII\agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2005-10-28 16:25 94208 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-03-12 22:43 81920 c:\arquivos de programas\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]

--a------ 2004-10-22 15:18 278016 c:\arquivos de programas\DVD Region+CSS Free\DVDRegionFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 16:30 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-25 22:23 443968 c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-05-02 18:55 282624 c:\arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

--a------ 2002-10-07 10:35 32768 c:\arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

--a------ 2003-05-05 08:57 143360 c:\arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

--a------ 2005-07-15 19:48 479232 c:\arquivos de programas\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Azureus\\Azureus.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-12-08 c:\windows\Tasks\XoftSpy.job

- c:\arquivos de programas\XoftSpy\XoftSpy.exe [2005-07-06 16:53]

2008-12-05 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

.

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-MSMSGS - c:\arquivos de programas\Messenger\msmsgs.exe

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter em PDF existente - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converter seleção em Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter seleção em PDF existente - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {56A482EE-889F-4B5A-97D5-F22A86B01873} = 192.168.1.254

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}

hxxp://game06.zylom.com/activex/zylomgamesplayer.cab

c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf

FireFox -: Profile - c:\documents and settings\DOIS\Dados de aplicativos\Mozilla\Firefox\Profiles\2uy7ouar.default\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 17:46:06

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1312)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\ARQUIVOS COMUNS\SYMANTEC SHARED\CCSETMGR.EXE

c:\arquivos de programas\ARQUIVOS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE

c:\arquivos de programas\ARQUIVOS COMUNS\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE

c:\arquivos de programas\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE

c:\arquivos de programas\SYMANTEC ANTIVIRUS\DEFWATCH.EXE

c:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE

c:\arquivos de programas\LOGMEIN\X86\RAMAINT.EXE

c:\arquivos de programas\LOGMEIN\X86\LOGMEIN.EXE

c:\arquivos de programas\LOGMEIN\X86\LMIGUARDIAN.EXE

c:\arquivos de programas\PAPERCUT PRINT LOGGER\PCPL.EXE

c:\arquivos de programas\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE

c:\arquivos de programas\SYMANTEC ANTIVIRUS\RTVSCAN.EXE

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\LOGMEIN\X86\LMIGUARDIAN.EXE

.

**************************************************************************

.

Tempo para conclusão: 2008-12-08 17:48:50 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-08 19:48:48

Pré-execução: 15 pasta(s) 63.193.546.752 bytes disponíveis

Pós execução: 15 pasta(s) 63,182,897,152 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

207 --- E O F --- 2008-11-15 12:35:09

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52:44, on 8/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\PaperCut Print Logger\pcpl.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\explorer.exe