Archived

This topic has been archived and is closed to new replies.

Tigre13

[Resolved!] Very slow machine


Hello,

Here is only the MoveIt log, because the file ayu9e8sz.sys, which was to be analyzed on VirusTotal,

was no longer found on the PC; I searched before and after MoveIt and it was not located.

 

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\Arquivos de programas\AdVantage not found.

File/Folder C:\Arquivos de programas\AdVantage\AdVantage.exe not found.

File/Folder Z:\ddtnvn.exe not found.

C:\FOUND.001 moved successfully.

C:\FOUND.000 moved successfully.

C:\windows\system32\cftm.exe moved successfully.

File/Folder C:\wttrqla.exe not found.

C:\Qoobox\LastRun moved successfully.

C:\Qoobox\TestC moved successfully.

C:\Qoobox\Test moved successfully.

C:\Qoobox\Quarantine\Registry_backups moved successfully.

C:\Qoobox\Quarantine moved successfully.

C:\Qoobox moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Zero#ARQUIVOS (D)\\ deleted successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Um\CONFIG~1\Temp\etilqs_c7Q6zZeTAhqHAvk scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Um\CONFIG~1\Temp\Perflib_Perfdata_9ec.dat scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\windows\temp\Perflib_Perfdata_fc.dat scheduled to be deleted on reboot.

File delete failed. C:\windows\temp\vmware-vmount.log scheduled to be deleted on reboot.

File delete failed. C:\windows\temp\Perflib_Perfdata_7bc.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_212944

 

Files moved on Reboot...

File C:\DOCUME~1\Um\CONFIG~1\Temp\etilqs_c7Q6zZeTAhqHAvk not found!

File C:\DOCUME~1\Um\CONFIG~1\Temp\Perflib_Perfdata_9ec.dat not found!

File C:\windows\temp\Perflib_Perfdata_fc.dat not found!

File move failed. C:\windows\temp\vmware-vmount.log scheduled to be moved on reboot.

C:\windows\temp\Perflib_Perfdata_7bc.dat moved successfully.


- Download the program I uploaded to the host below and save it to your desktop:

http://rapidshare.com/files/173342457/OAD.exe.html

- Double-click OAD.exe and an MS-DOS window will open for you;

- In the window that opened, type the command below (exactly as it appears) and press Enter:

ayu9e8sz.sys

- Press 6 and then Enter. Wait;

- A log will open automatically in Notepad for you. This log will also be at C:\resultat.txt.

Paste this log in your next reply.

Delete the C:\_OTMoveIt folder.

Make a new RSIT log and paste it in your next reply, together with resultat.txt.


Hello,

 

 

seg 15/12/2008 ---- 1:38:18,49

 

----------------------------------

§§§§§§ [ayu9e8sz.sys] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

Aucune entrée détectée

 

*******************

[Fichier]

*******************

 

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

 

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Um at 2008-12-15 01:42:25

Microsoft Windows XP Professional Service Pack 2

System drive C: has 9 GB (23%) free of 38 GB

Total RAM: 1023 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:42:27, on 15/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\windows\system32\nvsvc32.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\windows\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\windows\System32\alg.exe

C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\explorer.exe

C:\windows\system32\NOTEPAD.EXE

C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Um\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HiJack\Um.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ACORDA] C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\Software\..\Telephony: DomainName = UM

O17 - HKLM\System\CCS\Services\Tcpip\..\{3FC3B0ED-1D34-4E79-A979-0B23D10D35BF}: NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = UM

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 9999 bytes

 

======Scheduled tasks folder======

 

C:\windows\tasks\1-Click Maintenance.job

C:\windows\tasks\GoogleUpdateTaskUser.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-02 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-04-01 337992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"=C:\windows\system32\HDAShCut.exe [2004-10-27 61952]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]

"SoundMAX"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]

"ACORDA"=C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe [2004-09-04 483328]

"ccApp"=C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe [2006-03-07 53408]

"vptray"=C:\ARQUIV~1\SYMANT~1\VPTray.exe [2006-03-17 124656]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-02 136600]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Reminder"=C:\Arquivos de programas\Microsoft Money\System\reminder.exe [1998-07-25 36864]

"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-04 15360]

"Google Update"=C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2008-09-09 133104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Arquivos de programas\DAEMON Tools\daemon.exe [2007-08-16 167368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]

C:\Arquivos de programas\DVD Region+CSS Free\DVDRegionFree.exe [2004-10-22 278016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe [2005-10-20 871936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\windows\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KYESCAN.lnk]

C:\ARQUIV~1\ScannerU\KYESCAN.exe [2002-02-01 172032]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

SpeedFan.lnk - C:\Arquivos de programas\SpeedFan\speedfan.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-04-01 337992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\windows\system32\LMIinit.dll [2007-11-15 87352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll [2006-03-17 43760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\ARQUIV~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-04-01 337992]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:LocalSubNet:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\VideoLAN\VLC\vlc.exe"="C:\Arquivos de programas\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2008-12-15 01:38:18 ----A---- C:\resultat.txt

2008-12-14 17:49:36 ----SHD---- C:\FOUND.000

2008-12-13 15:30:06 ----D---- C:\rsit

2008-12-13 00:16:55 ----D---- C:\ComboFix

2008-12-13 00:16:54 ----A---- C:\windows\system32\CF18637.exe

2008-12-13 00:06:36 ----A---- C:\windows\system32\CF16616.exe

2008-12-11 16:36:12 ----A---- C:\windows\ntbtlog.txt

2008-12-11 11:07:46 ----HD---- C:\windows\$NtUninstallKB952069_WM9$

2008-12-11 11:07:41 ----HD---- C:\windows\$NtUninstallKB955839$

2008-12-11 11:06:15 ----HD---- C:\windows\$NtUninstallKB954600$

2008-12-11 11:06:11 ----A---- C:\windows\imsins.BAK

2008-12-11 11:06:08 ----HD---- C:\windows\$NtUninstallKB956802$

2008-12-09 16:27:30 ----A---- C:\windows\system32\CF30496.exe

2008-12-09 16:09:57 ----A---- C:\windows\NIRCMD.exe

2008-12-09 16:09:50 ----D---- C:\KomboFix

2008-12-09 16:09:50 ----A---- C:\windows\system32\CF27038.exe

2008-12-09 16:03:19 ----A---- C:\windows\system32\CF25761.exe

2008-12-08 15:49:25 ----D---- C:\HiJack

2008-12-08 12:05:54 ----A---- C:\windows\wininit.ini

2008-12-04 16:57:50 ----A---- C:\windows\system32\CF1969.exe

2008-12-03 13:44:25 ----A---- C:\windows\system32\CF9606.exe

2008-12-03 13:42:45 ----SHD---- C:\windows\CSC

2008-12-03 13:38:28 ----A---- C:\windows\system32\CF8440.exe

2008-12-02 20:41:46 ----D---- C:\Documents and Settings\Um\Dados de aplicativos\WinRAR

2008-12-02 20:36:49 ----D---- C:\windows\ERUNT

2008-12-02 20:07:50 ----A---- C:\windows\system32\CF31960.exe

2008-12-02 19:05:35 ----A---- C:\windows\system32\CF19760.exe

2008-12-02 17:23:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-12-02 17:23:26 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2008-12-02 15:51:49 ----D---- C:\cmdcons

2008-12-02 15:49:29 ----A---- C:\windows\zip.exe

2008-12-02 15:49:29 ----A---- C:\windows\VFIND.exe

2008-12-02 15:49:29 ----A---- C:\windows\SWXCACLS.exe

2008-12-02 15:49:29 ----A---- C:\windows\SWSC.exe

2008-12-02 15:49:29 ----A---- C:\windows\SWREG.exe

2008-12-02 15:49:29 ----A---- C:\windows\sed.exe

2008-12-02 15:49:29 ----A---- C:\windows\grep.exe

2008-12-02 15:49:29 ----A---- C:\windows\fdsv.exe

2008-12-02 15:48:52 ----D---- C:\windows\ERDNT

2008-12-02 15:48:51 ----A---- C:\windows\system32\CF13984.exe

 

======List of files/folders modified in the last 1 months======

 

2008-12-14 02:49:04 ----A---- C:\windows\SchedLgU.Txt

2008-12-09 21:24:38 ----A---- C:\windows\system32\MRT.exe

2008-12-08 02:01:30 ----A---- C:\windows\NeroDigital.ini

2008-12-07 19:16:26 ----A---- C:\windows\DVDRegionFree.INI

2008-12-02 21:08:00 ----A---- C:\windows\system32\javaws.exe

2008-12-02 21:08:00 ----A---- C:\windows\system32\javaw.exe

2008-12-02 21:08:00 ----A---- C:\windows\system32\java.exe

2008-12-02 21:08:00 ----A---- C:\windows\system32\deploytk.dll

2008-11-29 16:24:32 ----RAH---- C:\windows\system32\cdplayer.exe.manifest

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys []

R1 InCDPass;InCDPass; C:\windows\system32\drivers\InCDPass.sys [2005-10-14 29440]

R1 incdrm;InCD Reader; C:\windows\system32\drivers\InCDRm.sys [2005-10-14 22016]

R1 intelppm;Driver de Processador Intel; C:\windows\system32\DRIVERS\intelppm.sys [2004-08-04 40192]

R1 PQNTDrv;PQNTDrv; C:\windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 SAVRT;SAVRT; \??\C:\Arquivos de programas\Symantec AntiVirus\savrt.sys []

R1 SAVRTPEL;SAVRTPEL; \??\C:\Arquivos de programas\Symantec AntiVirus\Savrtpel.sys []

R1 SPBBCDrv;SPBBCDrv; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]

R2 BulkUsb;Genius ColorPage USB Scanner; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R2 VMnetBridge;VMware Bridge Protocol; C:\windows\system32\DRIVERS\vmnetbridge.sys [2007-05-01 28592]

R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []

R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []

R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []

R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vstor2.sys []

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Arquivos de programas\VMware\VMware Workstation\vstor2-ws60.sys []

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2005-10-05 141312]

R3 AEAudioService;AEAudio Service; C:\windows\system32\drivers\AEAudio.sys [2005-03-04 127872]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]

R3 lmimirr;lmimirr; C:\windows\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]

R3 NAVENG;NAVENG; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []

R3 NAVEX15;NAVEX15; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []

R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]

R3 SenFiltService;SenFilt Service; C:\windows\system32\drivers\Senfilt.sys [2005-08-11 393088]

R3 SymEvent;SymEvent; \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\windows\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []

R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\windows\system32\DRIVERS\vmnetadapter.sys [2007-05-01 16816]

R4 InCDfs;InCD File System; C:\windows\system32\drivers\InCDFs.sys [2005-10-14 101760]

S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []

S3 akzkzpwr;akzkzpwr; C:\windows\system32\drivers\akzkzpwr.sys []

S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Um\CONFIG~1\Temp\catchme.sys []

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2004-10-27 145920]

S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\windows\system32\drivers\LMIRfsClientNP.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ccEvtMgr;Symantec Event Manager; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe [2006-03-07 192160]

R2 ccSetMgr;Symantec Settings Manager; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe [2006-03-07 169632]

R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe [2006-03-17 30448]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2005-10-14 670208]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-02 152984]

R2 NMSAccessU;NMSAccessU; C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2008-05-02 159812]

R2 SPBBCSvc;Symantec SPBBCSvc; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-02-06 1160848]

R2 Symantec AntiVirus;Symantec AntiVirus; C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe [2006-03-17 1799408]

R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2004-08-04 14336]

R2 VMAuthdService;VMware Authorization Service; C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe [2007-05-01 109360]

R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2007-05-01 121648]

R2 vmount2;VMware Virtual Mount Manager Extended; C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]

R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2007-05-01 150320]

S2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2008-04-01 46144]

S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 LiveUpdate;LiveUpdate; C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SavRoam;SAVRoam; C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\windows\System32\TuneUpDefragService.exe [2008-05-20 306432]

S3 ufad-ws60;VMware Agent Service; C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe [2007-04-09 187184]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------


Delete the OAD tool and its log resultat.txt.

Please repeat the Kaspersky online scan (as I instructed earlier) and post the final scan report in your next reply.


Latest Kaspersky report

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, December 15, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, December 15, 2008 14:58:24

Records in database: 1462800

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

 

Scan statistics:

Files scanned: 77616

Threat name: 14

Infected objects: 23

Suspicious objects: 1

Duration of the scan: 01:41:09

 

 

File name / Threat name / Threats count

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4FEC86F3.VBN Infected: Packed.JS.Agent.n 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40000\4AFD8B82.VBN Infected: Backdoor.Win32.Rbot.ils 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA00000\4CFA495F.VBN Infected: Backdoor.Win32.Rbot.uks 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DFE4FF5.VBN Infected: Trojan-Dropper.Win32.Mudrop.du 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02140000\4B357F05.VBN Infected: Trojan.Win32.Autoit.fi 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0000\4F3D67EB.VBN Infected: Trojan-Spy.Win32.Agent.cse 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F2C0001\4F3D67F4.VBN Infected: Trojan-Spy.Win32.Agent.cse 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0005\4D3DB34D.VBN Infected: Trojan.Win32.Buzus.aavd 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0006\4D3DB39B.VBN Infected: Trojan.Win32.Buzus.aavd 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0000\4FDDF785.VBN Infected: Trojan-Downloader.Win32.Agent.atru 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0002\4FDE0052.VBN Infected: Trojan-Downloader.Win32.Agent.atru 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0006\4FDE0079.VBN Infected: Trojan-Downloader.Win32.Agent.atru 1

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC000A\4FDE00A1.VBN Infected: Trojan-Downloader.Win32.Agent.atru 1

C:\System Volume Information\_restore{7861127C-E3B9-489F-A71F-9422B20404C2}\RP13\A0005910.exe Infected: Trojan.Win32.Autoit.fi 1

C:\Recycled\Dc2\MovedFiles\12132008_212944\FOUND.001\FILE0026.CHK Infected: EICAR-Test-File 1

C:\Recycled\Dc2\MovedFiles\12132008_212944\FOUND.000\FILE0006.CHK Infected: EICAR-Test-File 1

C:\Recycled\Dc2\MovedFiles\12132008_212944\windows\system32\cftm.exe Infected: Trojan.Win32.Autoit.gc 1

C:\KomboFix\N_\13700 Infected: EICAR-Test-File 1

D:\Backup\emails\Incred Mail 05-06-2008\IM\Identities\{89740109-BA9F-417F-9018-2AB3A53EAE9F}\Message Store\Message Store\Attachments\LogMeIn.zip Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1

D:\Backup\emails\Incred Mail 05-06-2008\IM\Identities\{89740109-BA9F-417F-9018-2AB3A53EAE9F}\Message Store\Message Store\Attachments\LogMeIn.zip Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c 1

D:\Backup\emails\Outlook Express 02-05-2008\Caixa de entrada.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

D:\System Volume Information\_restore{7861127C-E3B9-489F-A71F-9422B20404C2}\RP13\A0005914.exe Infected: Trojan.Win32.Autoit.fi 1

D:\System Volume Information\_restore{7861127C-E3B9-489F-A71F-9422B20404C2}\RP13\A0005915.exe Infected: Trojan.Win32.Autoit.fj 1

E:\System Volume Information\_restore{7861127C-E3B9-489F-A71F-9422B20404C2}\RP13\A0005913.exe Infected: Trojan.Win32.Autoit.fi 1

 

The selected area was scanned.


Go to My Computer and click the Tools > Folder Options > View menu. Check the option Show hidden files and folders and click OK. Go to the Quarantine folder shown below and delete all the files inside it:

 

C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

 

Go to Start > Run, type sysdm.cpl and click OK. Click the System Restore tab and check the option Turn off System Restore. Leave this option checked until we are done here.

 

● Run the OTMoveIt3 tool and copy the content below into the program window:

 

:Files
C:\Recycled\Dc2\MovedFiles
C:\Recycled\Dc2\MovedFiles
C:\Recycled\Dc2\MovedFiles
C:\KomboFix
:Commands
[emptytemp]
[Reboot]

 

● Click the MoveIt button;

● If a message appears asking you to restart the computer, restart it;

● In your next reply, copy and paste all the content shown in Results;

● If the computer restarted, go to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire content of that file.

 

Also paste a new RSIT log.


Hello, here are the new reports:

 

========== FILES ==========

C:\Recycled\Dc2\MovedFiles\12132008_212944\Qoobox\Quarantine\Registry_backups moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\Qoobox\Quarantine moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\Qoobox\Test moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\Qoobox\TestC moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\Qoobox\LastRun moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\Qoobox moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\windows\temp moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\windows\system32 moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\windows moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\FOUND.000 moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944\FOUND.001 moved successfully.

C:\Recycled\Dc2\MovedFiles\12132008_212944 moved successfully.

C:\Recycled\Dc2\MovedFiles moved successfully.

File/Folder C:\Recycled\Dc2\MovedFiles not found.

File/Folder C:\Recycled\Dc2\MovedFiles not found.

C:\KomboFix\N_ moved successfully.

C:\KomboFix moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Um\CONFIG~1\Temp\Perflib_Perfdata_9b0.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Um\CONFIG~1\Temp\etilqs_ToZjkLaydaML1Y1 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Um\CONFIG~1\Temp\etilqs_2Cqet7WKNR3pOaO scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\windows\temp\Perflib_Perfdata_fc.dat scheduled to be deleted on reboot.

File delete failed. C:\windows\temp\vmware-vmount.log scheduled to be deleted on reboot.

File delete failed. C:\windows\temp\Perflib_Perfdata_d4.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_202015

 

Files moved on Reboot...

File C:\DOCUME~1\Um\CONFIG~1\Temp\Perflib_Perfdata_9b0.dat not found!

File C:\DOCUME~1\Um\CONFIG~1\Temp\etilqs_ToZjkLaydaML1Y1 not found!

File C:\DOCUME~1\Um\CONFIG~1\Temp\etilqs_2Cqet7WKNR3pOaO not found!

File C:\windows\temp\Perflib_Perfdata_fc.dat not found!

File move failed. C:\windows\temp\vmware-vmount.log scheduled to be moved on reboot.

C:\windows\temp\Perflib_Perfdata_d4.dat moved successfully.

 

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Um at 2008-12-15 20:24:40

Microsoft Windows XP Professional Service Pack 2

System drive C: has 9 GB (24%) free of 38 GB

Total RAM: 1023 MB (56% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:24:42, on 15/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\windows\system32\nvsvc32.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\notepad.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\windows\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\explorer.exe

C:\windows\system32\wuauclt.exe

C:\Documents and Settings\Um\Desktop\RSIT.exe

C:\HiJack\Um.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ACORDA] C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\Software\..\Telephony: DomainName = UM

O17 - HKLM\System\CCS\Services\Tcpip\..\{3FC3B0ED-1D34-4E79-A979-0B23D10D35BF}: NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = UM

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = UM

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 9498 bytes

 

======Scheduled tasks folder======

 

C:\windows\tasks\1-Click Maintenance.job

C:\windows\tasks\GoogleUpdateTaskUser.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-02 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-04-01 337992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"=C:\windows\system32\HDAShCut.exe [2004-10-27 61952]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]

"SoundMAX"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]

"ACORDA"=C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe [2004-09-04 483328]

"ccApp"=C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe [2006-03-07 53408]

"vptray"=C:\ARQUIV~1\SYMANT~1\VPTray.exe [2006-03-17 124656]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-02 136600]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Reminder"=C:\Arquivos de programas\Microsoft Money\System\reminder.exe [1998-07-25 36864]

"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-04 15360]

"Google Update"=C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2008-09-09 133104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Arquivos de programas\DAEMON Tools\daemon.exe [2007-08-16 167368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]

C:\Arquivos de programas\DVD Region+CSS Free\DVDRegionFree.exe [2004-10-22 278016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe [2005-10-20 871936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\windows\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KYESCAN.lnk]

C:\ARQUIV~1\ScannerU\KYESCAN.exe [2002-02-01 172032]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

SpeedFan.lnk - C:\Arquivos de programas\SpeedFan\speedfan.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-04-01 337992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\windows\system32\LMIinit.dll [2007-11-15 87352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll [2006-03-17 43760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\ARQUIV~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-04-01 337992]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:LocalSubNet:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\VideoLAN\VLC\vlc.exe"="C:\Arquivos de programas\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2008-12-15 20:20:15 ----D---- C:\_OTMoveIt

2008-12-14 17:49:36 ----SHD---- C:\FOUND.000

2008-12-13 15:30:06 ----D---- C:\rsit

2008-12-13 00:16:55 ----D---- C:\ComboFix

2008-12-13 00:16:54 ----A---- C:\windows\system32\CF18637.exe

2008-12-13 00:06:36 ----A---- C:\windows\system32\CF16616.exe

2008-12-11 16:36:12 ----A---- C:\windows\ntbtlog.txt

2008-12-11 11:07:46 ----HD---- C:\windows\$NtUninstallKB952069_WM9$

2008-12-11 11:07:41 ----HD---- C:\windows\$NtUninstallKB955839$

2008-12-11 11:06:15 ----HD---- C:\windows\$NtUninstallKB954600$

2008-12-11 11:06:11 ----A---- C:\windows\imsins.BAK

2008-12-11 11:06:08 ----HD---- C:\windows\$NtUninstallKB956802$

2008-12-09 16:27:30 ----A---- C:\windows\system32\CF30496.exe

2008-12-09 16:09:57 ----A---- C:\windows\NIRCMD.exe

2008-12-09 16:09:50 ----A---- C:\windows\system32\CF27038.exe

2008-12-09 16:03:19 ----A---- C:\windows\system32\CF25761.exe

2008-12-08 15:49:25 ----D---- C:\HiJack

2008-12-08 12:05:54 ----A---- C:\windows\wininit.ini

2008-12-04 16:57:50 ----A---- C:\windows\system32\CF1969.exe

2008-12-03 13:44:25 ----A---- C:\windows\system32\CF9606.exe

2008-12-03 13:42:45 ----SHD---- C:\windows\CSC

2008-12-03 13:38:28 ----A---- C:\windows\system32\CF8440.exe

2008-12-02 20:41:46 ----D---- C:\Documents and Settings\Um\Dados de aplicativos\WinRAR

2008-12-02 20:36:49 ----D---- C:\windows\ERUNT

2008-12-02 20:07:50 ----A---- C:\windows\system32\CF31960.exe

2008-12-02 19:05:35 ----A---- C:\windows\system32\CF19760.exe

2008-12-02 17:23:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-12-02 17:23:26 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2008-12-02 15:51:49 ----D---- C:\cmdcons

2008-12-02 15:49:29 ----A---- C:\windows\zip.exe

2008-12-02 15:49:29 ----A---- C:\windows\VFIND.exe

2008-12-02 15:49:29 ----A---- C:\windows\SWXCACLS.exe

2008-12-02 15:49:29 ----A---- C:\windows\SWSC.exe

2008-12-02 15:49:29 ----A---- C:\windows\SWREG.exe

2008-12-02 15:49:29 ----A---- C:\windows\sed.exe

2008-12-02 15:49:29 ----A---- C:\windows\grep.exe

2008-12-02 15:49:29 ----A---- C:\windows\fdsv.exe

2008-12-02 15:48:52 ----D---- C:\windows\ERDNT

2008-12-02 15:48:51 ----A---- C:\windows\system32\CF13984.exe

 

======List of files/folders modified in the last 1 months======

 

2008-12-15 20:20:58 ----A---- C:\windows\SchedLgU.Txt

2008-12-09 21:24:38 ----A---- C:\windows\system32\MRT.exe

2008-12-08 02:01:30 ----A---- C:\windows\NeroDigital.ini

2008-12-07 19:16:26 ----A---- C:\windows\DVDRegionFree.INI

2008-12-02 21:08:00 ----A---- C:\windows\system32\javaws.exe

2008-12-02 21:08:00 ----A---- C:\windows\system32\javaw.exe

2008-12-02 21:08:00 ----A---- C:\windows\system32\java.exe

2008-12-02 21:08:00 ----A---- C:\windows\system32\deploytk.dll

2008-11-29 16:24:32 ----RAH---- C:\windows\system32\cdplayer.exe.manifest

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys []

R1 InCDPass;InCDPass; C:\windows\system32\drivers\InCDPass.sys [2005-10-14 29440]

R1 incdrm;InCD Reader; C:\windows\system32\drivers\InCDRm.sys [2005-10-14 22016]

R1 intelppm;Driver de Processador Intel; C:\windows\system32\DRIVERS\intelppm.sys [2004-08-04 40192]

R1 PQNTDrv;PQNTDrv; C:\windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 SAVRT;SAVRT; \??\C:\Arquivos de programas\Symantec AntiVirus\savrt.sys []

R1 SAVRTPEL;SAVRTPEL; \??\C:\Arquivos de programas\Symantec AntiVirus\Savrtpel.sys []

R1 SPBBCDrv;SPBBCDrv; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]

R2 BulkUsb;Genius ColorPage USB Scanner; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R2 VMnetBridge;VMware Bridge Protocol; C:\windows\system32\DRIVERS\vmnetbridge.sys [2007-05-01 28592]

R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []

R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []

R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []

R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vstor2.sys []

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Arquivos de programas\VMware\VMware Workstation\vstor2-ws60.sys []

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2005-10-05 141312]

R3 AEAudioService;AEAudio Service; C:\windows\system32\drivers\AEAudio.sys [2005-03-04 127872]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]

R3 lmimirr;lmimirr; C:\windows\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]

R3 NAVENG;NAVENG; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys []

R3 NAVEX15;NAVEX15; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys []

R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]

R3 SenFiltService;SenFilt Service; C:\windows\system32\drivers\Senfilt.sys [2005-08-11 393088]

R3 SymEvent;SymEvent; \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\windows\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []

R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\windows\system32\DRIVERS\vmnetadapter.sys [2007-05-01 16816]

R4 InCDfs;InCD File System; C:\windows\system32\drivers\InCDFs.sys [2005-10-14 101760]

S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []

S3 akt9kg43;akt9kg43; C:\windows\system32\drivers\akt9kg43.sys []

S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Um\CONFIG~1\Temp\catchme.sys []

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2004-10-27 145920]

S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\windows\system32\drivers\LMIRfsClientNP.sys []

S4 sr;Driver de filtro de restauração do sistema; C:\windows\system32\DRIVERS\sr.sys [2004-08-04 73472]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ccEvtMgr;Symantec Event Manager; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe [2006-03-07 192160]

R2 ccSetMgr;Symantec Settings Manager; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe [2006-03-07 169632]

R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe [2006-03-17 30448]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2005-10-14 670208]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-02 152984]

R2 NMSAccessU;NMSAccessU; C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2008-05-02 159812]

R2 SPBBCSvc;Symantec SPBBCSvc; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-02-06 1160848]

R2 Symantec AntiVirus;Symantec AntiVirus; C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe [2006-03-17 1799408]

R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2004-08-04 14336]

R2 VMAuthdService;VMware Authorization Service; C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe [2007-05-01 109360]

R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2007-05-01 121648]

R2 vmount2;VMware Virtual Mount Manager Extended; C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]

R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2007-05-01 150320]

S2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2008-04-01 46144]

S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 LiveUpdate;LiveUpdate; C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SavRoam;SAVRoam; C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\windows\System32\TuneUpDefragService.exe [2008-05-20 306432]

S3 ufad-ws60;VMware Agent Service; C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe [2007-04-09 187184]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

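Driver and service listings like the one above are normally triaged by eye. The following Python is an added example for this thread, not code from RSIT, OTListIt or ComboFix: it parses both listing formats that appear in this thread and flags entries on a few simple heuristics, namely random-looking service names (akt9kg43 here), entries whose file had no date or size at scan time, binaries with no vendor string, and drivers loading from a Temp folder. The heuristics are assumptions chosen for illustration, and the sample lines are copied from the logs posted in the thread. Hits are review candidates, not verdicts: a disabled driver whose file is absent (IntelIde) is routine, and catchme.sys in Temp is the catchme rootkit scanner that ComboFix itself runs, so it is expected on a machine where ComboFix was just used.

```python
"""Triage helper for RSIT / OTListIt driver and service listings.

Added example for this thread; it is not code from RSIT, OTListIt or
ComboFix. The sample lines are copied from the logs posted in the thread.
The heuristics below are assumptions chosen for illustration and yield
review candidates, not verdicts.
"""
import re

# RSIT line:     "<start> <service>;<display>; <path> [<date> <size>]"
#                an empty "[]" means RSIT found no file to stat.
RSIT_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# OTListIt line: "[<date> | <size> | <attrs> | M] (<company>) -- <path> -- (<service> [<start> | <state>])"
#                an empty "()" means the binary carries no company/version string.
OTL_RE = re.compile(
    r"^\[(?P<meta>[^\]]*)\]\s+\((?P<company>.*?)\)\s+--\s+(?P<path>.+?)"
    r"\s+--\s+\((?P<name>.+?)\s+\[(?P<start>[^|]+)\|(?P<state>[^\]]+)\]\)\s*$"
)

# Constructed sample: lines copied verbatim from the two logs in this thread.
SAMPLE_LINES = [
    r"R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-04 26624]",
    r"S3 akt9kg43;akt9kg43; C:\windows\system32\drivers\akt9kg43.sys []",
    r"S3 catchme;catchme; \??\C:\DOCUME~1\Um\CONFIG~1\Temp\catchme.sys []",
    r"S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []",
    r"[1996-04-03 17:33:26 | 00,005,248 | ---- | M] () -- C:\windows\system32\giveio.sys -- (giveio [boot | Running])",
    r"[2007-05-01 22:52:52 | 00,034,608 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\hcmon.sys -- (hcmon [Auto | Running])",
]


def parse_entry(line):
    """Return a dict for an RSIT or OTListIt entry, or None for other text."""
    m = RSIT_RE.match(line)
    if m:
        return {"name": m.group("name").strip(), "path": m.group("path").strip(),
                "meta": m.group("meta").strip(), "company": None}
    m = OTL_RE.match(line)
    if m:
        return {"name": m.group("name").strip(), "path": m.group("path").strip(),
                "meta": m.group("meta").strip(), "company": m.group("company").strip()}
    return None


def looks_random(name):
    """Heuristic: purely alphanumeric names of 6+ chars whose letter and digit
    runs alternate at least three times (akt9kg43 -> akt|9|kg|43) read as
    generated, unlike vendor-style names such as uagp35 or vstor2."""
    if not re.fullmatch(r"[A-Za-z0-9]{6,}", name):
        return False
    runs = re.findall(r"[A-Za-z]+|[0-9]+", name)
    return len(runs) - 1 >= 3


def in_temp_folder(path):
    """Kernel drivers have no business loading from a Temp directory."""
    lowered = path.lower()
    return "\\temp\\" in lowered or "\\tmp\\" in lowered


def assess(entry):
    """Collect the heuristic signals that apply to one parsed entry."""
    reasons = []
    if looks_random(entry["name"]):
        reasons.append("random-looking service name")
    if entry["meta"] == "":
        reasons.append("no file date/size recorded at scan time")
    if entry["company"] == "":
        reasons.append("no vendor string in the binary")
    if in_temp_folder(entry["path"]):
        reasons.append("loads from a temporary folder")
    return reasons


def triage(lines):
    """Map each flagged service name to its path and the reasons it was flagged."""
    flagged = {}
    for line in lines:
        entry = parse_entry(line.strip())
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged[entry["name"]] = {"path": entry["path"], "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LINES).items():
        print(f"{name:10} {info['path']}")
        for reason in info["reasons"]:
            print(f"           - {reason}")
```

Run it over a whole RSIT or OTListIt log by reading the file into `triage()`; lines that match neither format (headers, process lists) are skipped. The name heuristic is deliberately strict (letters and digits must alternate at least three times) so that ordinary vendor names with a trailing version digit do not trip it; the missing-file and no-vendor signals are weak on their own and only become interesting when they coincide with a random name or a Temp path.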

Step 1

Turn on the option to show hidden files and folders. Delete the following file from your computer: C:\FOUND.000.

Delete the OTMoveIt3 tool. If the ComboFix tool is still on your system, go to Start > Run, type: combofix /u and press Enter.

Step 2

- Download ToolsCleaner and save it to the desktop;

- Close all open windows and double-click the program's icon to run it:

- Click the Recherche button to start the scan and wait:

- When the scan finishes, the items that will be removed are listed;

- Click the Suppression button to remove the items found, then click Quitter so the program closes and the log is generated;

- The log will be at C:\TCleaner.txt.

Paste this ToolsCleaner log in your next reply.

Question: Is the machine still having any problems?


Hello, I have just noticed that the hidden files are still hidden when I went to carry out the first step of your post, and I also found the following files in the root of C: that look suspicious, because the file extension does not appear even when I configure it to show hidden files and to display the extensions of protected operating system files and of known file types:

.rnd 1 KB RND File 06/07/08

cmld 256 KB File 03/08/04

khr 0 KB System File 08/12/08

ntldr 246 KB System File 04/08/04

On the other drives I did not find any doubtful files in the root.

As for the machine's performance, it improved a little, but something still seems to be missing; there are moments when it gets slow, and when I test it in the game there are sometimes video glitches (it freezes and then skips ahead in the image sequence), but only in the game.

 

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

 

-->- Recherche:

 

C:\Rsit: trouvé !

C:\Documents and Settings\Um\Desktop\SdFix.exe: trouvé !

C:\Documents and Settings\Um\Desktop\Rsit.exe: trouvé !

C:\HiJack\HijackThis.exe: trouvé !

C:\HiJack\hijackthis.log: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\Um\Desktop\SdFix.exe: supprimé !

C:\HiJack\HijackThis.exe: supprimé !

C:\Documents and Settings\Um\Desktop\Rsit.exe: supprimé !

C:\HiJack\hijackthis.log: supprimé !

C:\Rsit: supprimé !

Hello, I have just noticed that the hidden files are still hidden when I went to carry out the first step of your post, and I also found the following files in the root of C: that look suspicious, because the file extension does not appear even when I configure it to show hidden files and to display the extensions of protected operating system files and of known file types:

.rnd 1 KB RND File 06/07/08

cmld 256 KB File 03/08/04

khr 0 KB System File 08/12/08

ntldr 246 KB System File 04/08/04

On the other drives I did not find any doubtful files in the root.

They are viruses.

Please try running ComboFix again. Try it in Normal Mode with the antivirus disabled. If that does not work, try it in Safe Mode.

If you still cannot run it, follow the instructions below.

- Download OTListIt and save it to the desktop;

● Double-click OTListIt.exe;

● Check the options Scan All Users and Use Whitelist;

● Under "File Age" select "90 days";

● Click Run Scan and wait for the process to finish;

● A log called OTListIt.txt will be generated on the desktop.

Paste this log in your next reply.


Hello,

When I tried to run ComboFix again... I forgot to mention before that on one of the previous attempts, in safe mode, after the blue screen appeared and the machine restarted, another window appeared, still in the default XP appearance (which is not the one I use), with varying characters in the title and in the window, for example: [ê], [[ç]]....

Later that window started appearing every time I start the system, whether in normal or safe mode.

But today, when I tried again, besides the characters mentioned above, .....c:\windows\system32\evntcmd.exe also appeared.

Well, OTListIt opened two .txt files: OTListIt.txt and Extras.txt

 

OTListIt logfile created on: 2008-12-16 15:11:48 - Run

OTListIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\Um\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

1023.20 Mb Total Physical Memory | 599.68 Mb Available Physical Memory | 58.61% Memory free

2.91 Gb Paging File | 2.54 Gb Available in Paging File | 87.57% Paging File free

Paging file location(s): C:\pagefile.sys 2048 2048;

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 37.40 Gb Total Space | 8.49 Gb Free Space | 22.69% Space Free | Partition Type: FAT32

Drive D: | 97.71 Gb Total Space | 40.76 Gb Free Space | 41.71% Space Free | Partition Type: FAT32

Drive E: | 97.71 Gb Total Space | 0.83 Gb Free Space | 0.85% Space Free | Partition Type: FAT32

Drive F: | 232.88 Gb Total Space | 6.19 Gb Free Space | 2.66% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: UM

Current User Name: Um

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 90 Days

 

========== Processes ==========

 

[2005-10-14 12:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

[2006-03-07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

[2006-03-07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

[2006-02-06 12:50:24 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

[2008-04-01 10:09:34 | 00,046,144 | ---- | M] () -- C:\ARQUIV~1\GbPlugin\GbpSv.exe

[2006-03-17 06:34:12 | 00,030,448 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

[2008-12-02 21:08:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

[2007-10-12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

[2008-05-02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe

[2006-03-17 06:34:20 | 01,799,408 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

[2007-05-01 22:52:36 | 00,109,360 | ---- | M] (VMware, Inc.) -- C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

[2007-03-23 10:02:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

[2007-05-01 22:52:32 | 00,150,320 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe

[2007-05-01 22:51:46 | 00,121,648 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe

[2005-05-20 07:11:06 | 00,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

[2005-09-07 15:35:36 | 00,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

[2004-09-04 23:36:38 | 00,483,328 | ---- | M] () -- C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

[2006-03-07 13:02:14 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

[2006-03-17 06:34:30 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\ARQUIV~1\SYMANT~1\VPTray.exe

[2005-07-15 19:48:34 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

[2004-08-04 03:45:42 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\RUNDLL32.EXE

[2008-12-02 21:08:00 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

[1998-07-25 00:00:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Money\System\reminder.exe

[2008-09-09 10:46:10 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[2007-09-17 15:04:02 | 02,902,528 | ---- | M] (Almico Software (www.almico.com)) -- C:\Arquivos de programas\SpeedFan\speedfan.exe

[2004-08-04 01:45:46 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\wuauclt.exe

[2008-12-16 15:10:26 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Um\Desktop\OTListIt.exe

 

========== (O23) Win32 Services ==========

 

[2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2006-03-07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])

[2006-03-07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])

[2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2006-03-17 06:34:12 | 00,030,448 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])

[2007-10-09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008-04-01 10:09:34 | 00,046,144 | ---- | M] () -- C:\ARQUIV~1\GbPlugin\GbpSv.exe -- (GbpSv [unknown | Running])

[2007-10-11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2005-10-14 12:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2008-12-02 21:08:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2006-02-23 11:41:04 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate [On_Demand | Stopped])

[2007-10-11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2007-10-12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])

[2008-05-02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2006-03-17 06:34:24 | 00,115,952 | ---- | M] (symantec) -- C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])

[2006-01-24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])

[2006-02-06 12:50:24 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])

[2006-03-17 06:34:20 | 01,799,408 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])

[2008-05-20 10:15:56 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])

[2007-04-09 13:58:14 | 00,187,184 | ---- | M] (VMware, Inc.) -- C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])

[2007-05-01 22:52:36 | 00,109,360 | ---- | M] (VMware, Inc.) -- C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Auto | Running])

[2007-05-01 22:51:46 | 00,121,648 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])

[2007-03-23 10:02:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2 [Auto | Running])

[2007-05-01 22:52:32 | 00,150,320 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [Auto | Running])

 

========== Driver Services ==========

 

[2005-10-05 15:21:10 | 00,141,312 | R--- | M] (Analog Devices, Inc.) -- C:\windows\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

[2005-03-04 18:53:00 | 00,127,872 | R--- | M] (Andrea Electronics Corporation) -- C:\windows\system32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])

[2004-04-26 13:26:48 | 00,005,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\Asushwio.sys -- (Asushwio [On_Demand | Stopped])

[2008-09-05 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008-11-01 13:03:36 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2001-08-17 20:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\windows\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Running])

[1996-04-03 17:33:26 | 00,005,248 | ---- | M] () -- C:\windows\system32\giveio.sys -- (giveio [boot | Running])

[2007-05-01 22:52:52 | 00,034,608 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\hcmon.sys -- (hcmon [Auto | Running])

[2004-10-27 15:21:30 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

[2004-10-27 15:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

[2005-10-14 12:00:36 | 00,101,760 | ---- | M] (Nero AG) -- C:\windows\system32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])

[2005-10-14 12:01:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\windows\system32\drivers\InCDPass.sys -- (InCDPass [system | Running])

[2005-10-14 12:00:26 | 00,022,016 | ---- | M] (Nero AG) -- C:\windows\system32\drivers\InCDRm.sys -- (incdrm [system | Running])

[2007-08-03 15:04:52 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\windows\system32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])

[2007-11-15 18:46:40 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])

[2007-08-03 15:09:34 | 00,046,112 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])

[2004-08-12 08:56:20 | 00,005,810 | R--- | M] () -- C:\windows\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

[2008-11-20 07:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20081212.004\naveng.sys -- (NAVENG [On_Demand | Running])

[2008-11-20 07:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20081212.004\navex15.sys -- (NAVEX15 [On_Demand | Running])

[2008-05-02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

[2002-09-16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv [system | Running])

[2001-10-28 18:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005-12-19 20:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Symantec AntiVirus\savrt.sys -- (SAVRT [system | Running])

[2005-12-19 20:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [system | Running])

[2007-11-13 08:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005-08-11 11:49:28 | 00,393,088 | R--- | M] (Sensaura) -- C:\windows\system32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])

[2006-02-06 12:50:22 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2006-09-24 11:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\windows\system32\speedfan.sys -- (speedfan [boot | Running])

[2007-12-22 18:59:38 | 00,685,816 | ---- | M] () -- C:\windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])

[2006-01-31 13:29:20 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2006-01-24 20:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])

[2006-01-24 20:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI [system | Running])

[2004-08-03 23:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\DRIVERS\uagp35.sys -- (uagp35 [boot | Running])

[2007-05-01 22:52:56 | 00,021,040 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])

[2007-05-01 22:51:02 | 00,016,816 | R--- | M] (VMware, Inc.) -- C:\windows\system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])

[2007-05-01 22:51:02 | 00,028,592 | R--- | M] (VMware, Inc.) -- C:\windows\system32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running])

[2007-05-01 22:52:52 | 00,025,264 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])

[2007-05-01 22:52:02 | 00,016,176 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\VMparport.sys -- (VMparport [Auto | Running])

[2007-05-01 22:52:50 | 00,430,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\vmx86.sys -- (vmx86 [Auto | Running])

[2007-03-23 10:03:00 | 00,018,480 | ---- | M] (VMware, Inc.) -- C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2 [Auto | Running])

[2007-04-09 13:55:46 | 00,019,504 | ---- | M] (VMware, Inc.) -- C:\Arquivos de programas\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])

 

========== Internet Explorer ==========

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

HKU\S-1-5-21-823518204-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-823518204-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKU\S-1-5-21-823518204-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

HKU\S-1-5-21-823518204-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

HKU\S-1-5-21-823518204-1035525444-839522115-1003\S-1-5-21-823518204-1035525444-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

O1 HOSTS File: (686 bytes) - C:\windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-823518204-1035525444-839522115-1003\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [ACORDA] C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe ()

O4 - HKLM..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" (Symantec Corporation)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe (Symantec Corporation)

O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

O4 - HKCU..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-823518204-1035525444-839522115-1003..\Run: [Google Update] "C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

O4 - HKU\S-1-5-21-823518204-1035525444-839522115-1003..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-823518204-1035525444-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-823518204-1035525444-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-823518204-1035525444-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll (EverNote Corporation)

O9 - Extra 'Tools' menuitem : Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll (EverNote Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.254

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Arquivos de programas\Arquivos comuns\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - ms-itss - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\ARQUIV~1\ARQUIV~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

 

========== Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginCef: "DllName" = C:\Arquivos de programas\GbPlugin\gbiehcef.dll -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

LMIinit: "DllName" = LMIinit.dll -- C:\windows\system32\LMIinit.dll (LogMeIn, Inc.)

NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}" (HKLM) -- C:\ARQUIV~1\DVDREG~1\DVDShell.dll (Fengtao Software Inc.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

 

========== Safeboot Options ==========

 

"AlternateShell" = cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2007-12-22 14:31:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

 

========== Files/Folders - Created Within 90 Days ==========

 

[2008-12-16 15:10:21 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Um\Desktop\OTListIt.exe

[2008-12-16 15:07:08 | 00,000,000 | -HSD | C] -- C:\FOUND.001

[2008-12-16 15:03:40 | 00,000,000 | ---D | C] -- C:\ComboFix

[2008-12-16 15:03:39 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF23013.exe

[2008-12-16 14:55:42 | 00,000,000 | -HSD | C] -- C:\FOUND.000

[2008-12-16 14:48:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe

[2008-12-16 14:48:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2008-12-16 14:48:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2008-12-16 14:48:53 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe

[2008-12-16 14:48:53 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\windows\fdsv.exe

[2008-12-16 14:48:53 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe

[2008-12-16 14:48:53 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe

[2008-12-16 14:48:53 | 00,049,152 | ---- | C] () -- C:\windows\VFIND.exe

[2008-12-16 14:48:53 | 00,028,672 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2008-12-16 14:48:50 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF20106.exe

[2008-12-16 14:48:50 | 00,000,000 | ---D | C] -- C:\Qoobox

[2008-12-16 14:47:30 | 02,875,247 | R--- | C] () -- C:\Documents and Settings\Um\Desktop\ComboFix.exe

[2008-12-16 01:58:34 | 00,455,168 | ---- | C] () -- C:\Documents and Settings\Um\Desktop\ToolsCleaner2.exe

[2008-12-13 00:16:54 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF18637.exe

[2008-12-13 00:06:36 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF16616.exe

[2008-12-11 11:06:11 | 00,001,393 | ---- | C] () -- C:\windows\imsins.BAK

[2008-12-09 16:27:30 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF30496.exe

[2008-12-09 16:09:50 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF27038.exe

[2008-12-09 16:03:19 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF25761.exe

[2008-12-08 15:50:10 | 00,000,000 | RHS- | C] () -- C:\khr

[2008-12-08 15:49:29 | 00,000,503 | RHS- | C] () -- C:\windows\System32\autorun.inf

[2008-12-08 15:49:25 | 00,000,000 | ---D | C] -- C:\HiJack

[2008-12-08 12:05:54 | 00,000,093 | ---- | C] () -- C:\windows\wininit.ini

[2008-12-04 16:57:50 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF1969.exe

[2008-12-03 13:44:25 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF9606.exe

[2008-12-03 13:42:45 | 00,000,000 | -HSD | C] -- C:\windows\CSC

[2008-12-03 13:38:28 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF8440.exe

[2008-12-02 20:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Um\Dados de aplicativos\WinRAR

[2008-12-02 20:36:49 | 00,000,000 | ---D | C] -- C:\windows\ERUNT

[2008-12-02 20:07:50 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF31960.exe

[2008-12-02 20:05:41 | 00,003,584 | -HS- | C] () -- C:\Documents and Settings\Um\Meus documentos\Thumbs.db

[2008-12-02 19:05:35 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF19760.exe

[2008-12-02 17:34:57 | 14,968,808 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Um\Desktop\spybotsd160.exe

[2008-12-02 17:23:29 | 00,000,893 | ---- | C] () -- C:\Documents and Settings\Um\Desktop\Spybot - Search & Destroy.lnk

[2008-12-02 17:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

[2008-12-02 17:23:26 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Spybot - Search & Destroy

[2008-12-02 15:51:50 | 00,261,856 | ---- | C] () -- C:\cmldr

[2008-12-02 15:51:49 | 00,000,000 | ---D | C] -- C:\cmdcons

[2008-12-02 15:48:52 | 00,000,000 | ---D | C] -- C:\windows\ERDNT

[2008-12-02 15:48:51 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF13984.exe

[2008-12-01 09:37:35 | 00,122,541 | ---- | C] () -- C:\Documents and Settings\Um\Desktop\fontes.zip

[2008-11-14 14:22:51 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 4.0

[2008-11-07 16:01:30 | 00,318,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Um\Desktop\wmpfirefoxplugin.exe

[2008-09-30 16:43:34 | 01,286,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml4.dll

[2008-09-22 18:51:19 | 00,001,524 | ---- | C] () -- C:\Documents and Settings\Um\Desktop\CCleaner.lnk

 

 

========== Files - Modified Within 90 Days ==========

 

[2008-12-16 15:10:26 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Um\Desktop\OTListIt.exe

[2008-12-16 15:08:40 | 00,177,611 | ---- | M] () -- C:\windows\System32\nvapps.xml

[2008-12-16 15:07:52 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2008-12-16 15:07:44 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2008-12-16 15:03:38 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF23013.exe

[2008-12-16 14:48:48 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF20106.exe

[2008-12-16 14:47:42 | 02,875,247 | R--- | M] () -- C:\Documents and Settings\Um\Desktop\ComboFix.exe

[2008-12-16 10:51:52 | 02,851,056 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2008-12-16 01:58:36 | 00,455,168 | ---- | M] () -- C:\Documents and Settings\Um\Desktop\ToolsCleaner2.exe

[2008-12-16 01:50:14 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini

[2008-12-16 01:50:10 | 00,000,067 | ---- | M] () -- C:\windows\DVDRegionFree.INI

[2008-12-13 00:16:52 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF18637.exe

[2008-12-13 00:06:34 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF16616.exe

[2008-12-12 11:43:10 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2008-12-11 11:07:46 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK

[2008-12-09 21:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe

[2008-12-09 16:27:28 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF30496.exe

[2008-12-09 16:09:50 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF27038.exe

[2008-12-09 16:03:18 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF25761.exe

[2008-12-08 15:50:12 | 00,000,000 | RHS- | M] () -- C:\khr

[2008-12-08 15:49:30 | 00,000,503 | RHS- | M] () -- C:\windows\System32\autorun.inf

[2008-12-08 12:05:56 | 00,000,093 | ---- | M] () -- C:\windows\wininit.ini

[2008-12-05 17:15:00 | 00,000,386 | ---- | M] () -- C:\windows\tasks\1-Click Maintenance.job

[2008-12-04 16:57:48 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF1969.exe

[2008-12-03 13:44:24 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF9606.exe

[2008-12-03 13:38:26 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF8440.exe

[2008-12-02 20:07:48 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF31960.exe

[2008-12-02 20:05:44 | 00,003,584 | -HS- | M] () -- C:\Documents and Settings\Um\Meus documentos\Thumbs.db

[2008-12-02 19:05:32 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF19760.exe

[2008-12-02 17:45:18 | 14,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Um\Desktop\spybotsd160.exe

[2008-12-02 17:23:30 | 00,000,893 | ---- | M] () -- C:\Documents and Settings\Um\Desktop\Spybot - Search & Destroy.lnk

[2008-12-02 15:48:50 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF13984.exe

[2008-12-01 16:01:34 | 01,071,648 | ---- | M] () -- C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2008-12-01 09:37:22 | 00,122,541 | ---- | M] () -- C:\Documents and Settings\Um\Desktop\fontes.zip

[2008-12-01 09:23:24 | 00,500,934 | ---- | M] () -- C:\windows\FontData.fdb

[2008-11-11 02:06:12 | 01,578,732 | -H-- | M] () -- C:\Documents and Settings\Um\Configurações locais\Dados de aplicativos\IconCache.db

[2008-11-07 18:32:20 | 02,109,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMVCore.dll

[2008-11-07 18:32:20 | 02,109,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\WMVCore.dll

[2008-11-07 16:01:28 | 00,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Um\Desktop\wmpfirefoxplugin.exe

[2008-10-24 09:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\mrxsmb.sys

[2008-10-24 09:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys

[2008-10-23 11:00:12 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\gdi32.dll

[2008-10-23 11:00:12 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\gdi32.dll

[2008-10-22 07:47:08 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\tzchange.exe

[2008-10-17 01:53:08 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.dll

[2008-10-17 01:53:08 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll

[2008-10-16 18:23:08 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\urlmon.dll

[2008-10-16 18:23:08 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\urlmon.dll

[2008-10-16 18:23:08 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wininet.dll

[2008-10-16 18:23:08 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wininet.dll

[2008-10-16 18:23:08 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mstime.dll

[2008-10-16 18:23:08 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstime.dll

[2008-10-16 18:23:08 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmled.dll

[2008-10-16 18:23:08 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtmled.dll

[2008-10-16 18:23:08 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\webcheck.dll

[2008-10-16 18:23:08 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\webcheck.dll

[2008-10-16 18:23:08 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll

[2008-10-16 18:23:08 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msrating.dll

[2008-10-16 18:23:08 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll

[2008-10-16 18:23:08 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\url.dll

[2008-10-16 18:23:08 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\occache.dll

[2008-10-16 18:23:08 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\occache.dll

[2008-10-16 18:23:08 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll

[2008-10-16 18:23:08 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\pngfilt.dll

[2008-10-16 18:23:06 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieframe.dll

[2008-10-16 18:23:06 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll

[2008-10-16 18:23:06 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl

[2008-10-16 18:23:06 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\inetcpl.cpl

[2008-10-16 18:23:06 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll

[2008-10-16 18:23:06 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll

[2008-10-16 18:23:06 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll

[2008-10-16 18:23:06 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedkcs32.dll

[2008-10-16 18:23:06 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll

[2008-10-16 18:23:06 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieapfltr.dll

[2008-10-16 18:23:06 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll

[2008-10-16 18:23:06 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\dxtmsft.dll

[2008-10-16 18:23:06 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iertutil.dll

[2008-10-16 18:23:06 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll

[2008-10-16 18:23:06 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll

[2008-10-16 18:23:06 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieaksie.dll

[2008-10-16 18:23:06 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll

[2008-10-16 18:23:06 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\dxtrans.dll

[2008-10-16 18:23:06 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll

[2008-10-16 18:23:06 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieakeng.dll

[2008-10-16 18:23:06 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\extmgr.dll

[2008-10-16 18:23:06 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\extmgr.dll

[2008-10-16 18:23:06 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\advpack.dll

[2008-10-16 18:23:06 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\advpack.dll

[2008-10-16 18:23:06 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\icardie.dll

[2008-10-16 18:23:06 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\icardie.dll

[2008-10-16 18:23:06 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll

[2008-10-16 18:23:06 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll

[2008-10-16 18:23:06 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll

[2008-10-16 18:23:06 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iernonce.dll

[2008-10-16 18:23:06 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

[2008-10-16 18:23:06 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsproxy.dll

[2008-10-16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaueng.dll

[2008-10-16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuaueng.dll

[2008-10-16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuweb.dll

[2008-10-16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuweb.dll

[2008-10-16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll

[2008-10-16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wucltui.dll

[2008-10-16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll

[2008-10-16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuapi.dll

[2008-10-16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaucpl.cpl

[2008-10-16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuaucpl.cpl

[2008-10-16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\cdm.dll

[2008-10-16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\cdm.dll

[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuauclt.exe

[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuauclt.exe

[2008-10-16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll

[2008-10-16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll.mui

[2008-10-16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll

[2008-10-16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wups.dll

[2008-10-16 14:08:12 | 00,027,672 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaucpl.cpl.mui

[2008-10-16 14:08:12 | 00,027,672 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll.mui

[2008-10-16 14:07:32 | 00,018,968 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaueng.dll.mui

[2008-10-16 11:15:02 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe

[2008-10-16 11:15:02 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ie4uinit.exe

[2008-10-16 11:11:10 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieudinit.exe

[2008-10-16 11:11:10 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieudinit.exe

[2008-10-15 14:59:30 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\netapi32.dll

[2008-10-15 14:59:30 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll

[2008-10-15 05:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iexplore.exe

[2008-10-15 05:04:54 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll

[2008-10-15 05:04:54 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieakui.dll

[2008-10-03 08:16:50 | 00,247,326 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\strmdll.dll

[2008-10-03 08:16:50 | 00,247,326 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\strmdll.dll

[2008-09-30 16:43:34 | 01,286,152 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msxml4.dll

[2008-09-22 18:51:20 | 00,001,524 | ---- | M] () -- C:\Documents and Settings\Um\Desktop\CCleaner.lnk

[2008-09-18 15:58:16 | 00,000,588 | ---- | M] () -- C:\windows\win.ini

 

< End of report >


OTListIt Extras logfile created on: 2008-12-16 15:11:48 - Run

OTListIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\Um\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

1023.20 Mb Total Physical Memory | 599.68 Mb Available Physical Memory | 58.61% Memory free

2.91 Gb Paging File | 2.54 Gb Available in Paging File | 87.57% Paging File free

Paging file location(s): C:\pagefile.sys 2048 2048;

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 37.40 Gb Total Space | 8.49 Gb Free Space | 22.69% Space Free | Partition Type: FAT32

Drive D: | 97.71 Gb Total Space | 40.76 Gb Free Space | 41.71% Space Free | Partition Type: FAT32

Drive E: | 97.71 Gb Total Space | 0.83 Gb Free Space | 0.85% Space Free | Partition Type: FAT32

Drive F: | 232.88 Gb Total Space | 6.19 Gb Free Space | 2.66% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: UM

Current User Name: Um

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 90 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\windows\system32\ieframe.DLL (Microsoft Corporation)

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2006-10-10 10:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2006-10-10 10:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:LocalSubNet:Enabled:@xpsp3res.dll,-20000

[2007-11-30 07:13:04 | 00,096,256 | ---- | M] () -- C:\Arquivos de programas\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player

[2008-11-07 16:18:06 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier

"{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90A10416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003

"{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}" = Symantec AntiVirus

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{CCEB2144-5F5D-49E8-AADC-05CA48AE9AA5}" = Genius Scanner

"{D32F9C0D-6B15-5DCC-3AAD-EC3E7B611046}" = Nero 7 Demo

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul

"7-Zip" = 7-Zip 4.43 alpha 3

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"BSPlayerf" = BS.Player FREE powered by AdVantage

"CCleaner" = CCleaner (remove only)

"Coleção 18 Wheel of Steel_is1" = Coleção 18 Wheel of Steel v1.2.1

"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.58

"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v3.50

"FTP Commander" = FTP Commander

"ie7" = Windows Internet Explorer 7

"Image Doctor" = Alien Skin Image Doctor 1.0

"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.0.0

"L&H Power Translator Pro 7.0" = L&H Power Translator Pro 7.0

"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)

"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5

"Mozilla Firefox (2.0.0.17)" = Mozilla Firefox (2.0.0.17)

"MSMONEYV70" = Microsoft Money 99

"NVIDIA Drivers" = NVIDIA Drivers

"RealAlt_is1" = Real Alternative 1.7.5

"Sistema_de_Gestão_para_Escritórios_de_Advocacia_1.00" = Acorda 1.0.5

"SpeedFan" = SpeedFan (remove only)

"Sprint & FineReader 5.0 Office Try&Buy" = Sprint & FineReader 5.0 Office Try&Buy

"SystemRequirementsLab" = System Requirements Lab

"Unlocker" = Unlocker 1.7.5

"VLC media player" = VideoLAN VLC media player 0.8.6d

"WinRAR archiver" = Arquivo do WinRAR

"XnView_is1" = XnView 1.93.1

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-823518204-1035525444-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-12-15 09:08:08 | Computer Name = UM | Source = vmauthd | ID = 100

Description = Cannot find perfmon object in array returned by perfDLL, index=0

 

Error - 2008-12-15 11:45:27 | Computer Name = UM | Source = vmauthd | ID = 100

Description = Cannot find perfmon object in array returned by perfDLL, index=0

 

Error - 2008-12-15 13:55:22 | Computer Name = UM | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Trojan Horse in File: C:\System Volume Information\_restore{7861127C-E3B9-489F-A71F-9422B20404C2}\RP13\A0005947.exe

by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The

file was quarantined successfully.

 

Error - 2008-12-15 13:55:22 | Computer Name = UM | Source = Symantec AntiVirus | ID = 16711685

Description = Risk Found!Risk: Trojan Horse in File: C:\System Volume Information\_restore{7861127C-E3B9-489F-A71F-9422B20404C2}\RP13\A0005947.exe

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

 

Error - 2008-12-15 13:55:22 | Computer Name = UM | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Trojan Horse in File: C:\System Volume Information\_restore{7861127C-E3B9-489F-A71F-9422B20404C2}\RP13\A0005947.exe

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

 

Error - 2008-12-15 18:23:52 | Computer Name = UM | Source = vmauthd | ID = 100

Description = Cannot find perfmon object in array returned by perfDLL, index=0

 

Error - 2008-12-16 08:53:24 | Computer Name = UM | Source = vmauthd | ID = 100

Description = Cannot find perfmon object in array returned by perfDLL, index=0

 

Error - 2008-12-16 11:45:04 | Computer Name = UM | Source = vmauthd | ID = 100

Description = Cannot find perfmon object in array returned by perfDLL, index=0

 

Error - 2008-12-16 12:57:53 | Computer Name = UM | Source = vmauthd | ID = 100

Description = Cannot find perfmon object in array returned by perfDLL, index=0

 

Error - 2008-12-16 13:09:25 | Computer Name = UM | Source = vmauthd | ID = 100

Description = Cannot find perfmon object in array returned by perfDLL, index=0

 

[ System Events ]

Error - 2008-12-16 13:03:02 | Computer Name = UM | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem

com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2008-12-16 13:03:15 | Computer Name = UM | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DHCP depende do serviço NetBios em Tcpip, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-16 13:03:15 | Computer Name = UM | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DNS depende do serviço Driver de protocolo TCP/IP,

mas não foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-16 13:03:15 | Computer Name = UM | Source = Service Control Manager | ID = 7001

Description = O serviço Auxiliar NetBIOS TCP/IP depende do serviço AFD, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-16 13:03:15 | Computer Name = UM | Source = Service Control Manager | ID = 7001

Description = O serviço Serviços IPSEC depende do serviço Driver IPSEC, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-16 13:03:15 | Computer Name = UM | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT

SAVRTPEL

SPBBCDrv

SYMTDI

Tcpip

 

Error - 2008-12-16 13:03:34 | Computer Name = UM | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com

argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 2008-12-16 13:08:24 | Computer Name = UM | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

 

Error - 2008-12-16 13:08:24 | Computer Name = UM | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço LogMeIn Kernel Information Provider

devido ao seguinte erro: %%3

 

Error - 2008-12-16 13:08:51 | Computer Name = UM | Source = System Error | ID = 1003

Description = Código de erro 00000093, parâmetro1 000002d4, parâmetro2 00000000,

parâmetro3 00000000, parâmetro4 00000000.

 

 

< End of report >


Step 1

- Download OTMoveIt3 and save it to the desktop;

● Double-click the program icon (OTMoveIt3) to run it;

● Select and copy all of the content below:

:Services

:Files

C:\FOUND.001

C:\FOUND.000

C:\khr

C:\windows\System32\autorun.inf

:Commands

[emptytemp]

[Reboot]

● Paste what you copied into the program (in the blank area of the window);

● Click the MoveIt button;

● If a message appears asking you to restart the computer, restart it;

● In your next reply, copy and paste all of the content shown under Results;

● If the computer restarted, go to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire content of that file.

Step 2

- Download Dr.WebCureit and save it to the desktop;

● Run the file drweb-cureit.exe;

● Click Start and choose the express scan;

● If an infected file is found, click the Yes button to cure it.

● When the quick scan finishes, click Options > Change Settings.

● On the Scan tab, uncheck Heuristic Analysis and confirm!

● Back in the main window, check the drives you want to scan

● Select all of them! A red dot will indicate the selected drives.

● Click the green arrow to start the scan.

● If prompted to cure/move a file, click Yes to all.

● When the scan finishes, check whether the "objects found" icon is enabled.

● If it is, click it!

● Then click the icon just below it and select: Move incurable

● If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.

● After that, go to the top menu and click Files > Save file lists.

● Save the list on the desktop (DrWeb.csv) <-- Report for posting!

● Close the program!

● Restart the computer so the program can finish deleting/moving the files that were in use.

In your next reply I need a new HijackThis log and the Dr.WebCureit log.

Step 3

- Make a new OTListIt log.

In your next reply, post the OTMoveIt3, Dr.WebCureit and new OTListIt logs.

NOTE: So the topic does not get "cluttered" with so many logs, I suggest uploading (at least) the Dr.WebCureit and OTListIt logs to the host below and posting the download link for the logs here.

http://rapidshare.com/


Delete the folder C:\_OTMoveIt.

Apparently the logs are clean.

The files you mentioned earlier:

.rnd 1 kb RND File 06/07/08

cmld 256kb File 03/08/04

khr 0 kb System File 08/12/08

ntldr 246 kb System File 04/08/04

Are they still present on the machine?

Hello,

they are still present:

cmld 256 kb File 03/08/04

ntldr 246 kb System File 04/08/04

These two files above are legitimate and must not be removed from the system.

The one below, however, is an infection:

.rnd

- Download Avenger and save it to the desktop;

● Extract the contents of the zip to the desktop;

● Select and copy the text below:

Files to delete:
C:\.rnd

● Run the Avenger program by double-clicking avenger.exe;

● Click the Load Script menu > Paste from Clipboard;

● Click the Execute button > Yes > OK;

● Your computer will be restarted;

● A log will be generated at C:\avenger.txt

Paste this log in your next reply.


Hello,

Here is the Avenger log

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

File "C:\.rnd" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.


Delete the folder C:\Avenger and the tool as well.

- Using the Internet Explorer browser, go to the Eset Online Scanner;

- Check the box Yes, I accept the terms of use, and click Start.

- In the next window, right-click the box and select Install ActiveX control.

- Wait for the security warning and click Install.

- On the next page, click Start and wait;

- Check both boxes and click Scan. Wait;

- When the scan finishes, the log can be viewed at C:\arquivos de programas\esetonlinescanner\log.

Post this log in your next reply.


Hello,

here is the Eset Online Scanner log:

 

# version=4

# OnlineScanner.ocx=1.0.0.635

# OnlineScannerDLLA.dll=1, 0, 0, 79

# OnlineScannerDLLW.dll=1, 0, 0, 78

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=3721 (20081229)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.064 (20070717)

# EOSSerial=cd74871810d727498058535ff2fddb41

# end=finished

# remove_checked=true

# unwanted_checked=true

# utc_time=2008-12-29 08:42:14

# local_time=2008-12-29 06:42:14 (-0300, Horário brasileiro de verão)

# country="Brazil"

# osver=5.1.2600 NT Service Pack 2

# scanned=383792

# found=3

# scan_time=3070

C:\Recycled\Dc1\MovedFiles\12252008_121937\windows\System32\autorun.inf INF/Autorun.gen trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\Backup\emails\Incred Mail 05-06-2008\IM\Identities\{89740109-BA9F-417F-9018-2AB3A53EAE9F}\Message Store\Message Store\Deleted Items.imm HTML/Phishing.gen trojan (contained infected files) 31EDCC3291907DA54A6ED7132A863EF5

D:\Backup\emails\Incred Mail 05-06-2008\IM\Identities\{89740109-BA9F-417F-9018-2AB3A53EAE9F}\Message Store\Message Store\Deleted Items.imm »MIME »part000.htm HTML/Phishing.gen trojan (unable to clean - deleted) 00000000000000000000000000000000

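The Eset Online Scanner report above is a flat text format: `# key=value` header lines followed by one detection per line (path, threat name and class, the action taken in parentheses, and a 32-character MD5). The parser below is an added example, not part of the thread and not ESET's own tooling; it reads that format into records and cross-checks the `found=` counter against the body so a helper reviewing a posted log can see at a glance what was deleted and what was only contained. It assumes (not stated by ESET) that an all-zero hash means no hash was recorded for that object, and that the word "deleted" in the action field marks an object that was removed. The sample log is constructed from the three detection lines and a subset of the header lines posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: header subset and detection lines copied from the log above.
SAMPLE_LOG = r"""
# version=4
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-29 08:42:14
# scanned=383792
# found=3
# scan_time=3070
C:\Recycled\Dc1\MovedFiles\12252008_121937\windows\System32\autorun.inf INF/Autorun.gen trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\Backup\emails\Incred Mail 05-06-2008\IM\Identities\{89740109-BA9F-417F-9018-2AB3A53EAE9F}\Message Store\Message Store\Deleted Items.imm HTML/Phishing.gen trojan (contained infected files) 31EDCC3291907DA54A6ED7132A863EF5
D:\Backup\emails\Incred Mail 05-06-2008\IM\Identities\{89740109-BA9F-417F-9018-2AB3A53EAE9F}\Message Store\Message Store\Deleted Items.imm »MIME »part000.htm HTML/Phishing.gen trojan (unable to clean - deleted) 00000000000000000000000000000000
"""

HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# Path may contain spaces, so it is matched lazily; the threat name always has the
# form FAMILY/Name followed by a class word, then the action in parentheses and the hash.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>\S+/\S+ \S+) \((?P<action>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})$"
)
NO_HASH = "0" * 32  # assumption: all zeros means the scanner recorded no hash


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    md5: Optional[str]  # None when the log carried the all-zero placeholder

    @property
    def deleted(self) -> bool:
        # Assumption: "deleted" in the action text means the object was removed.
        return "deleted" in self.action


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split a report into its header dictionary and its detection records."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        md5 = m["md5"].upper()
        detections.append(
            Detection(m["path"], m["threat"], m["action"], None if md5 == NO_HASH else md5)
        )
    return header, detections


def check_log(header: Dict[str, str], detections: List[Detection]) -> Dict[str, object]:
    """Cross-check the header counters against the body and summarise the actions."""
    found = int(header.get("found", "0"))
    deleted = [d for d in detections if d.deleted]
    return {
        "finished": header.get("end") == "finished",
        "remove_enabled": header.get("remove_checked") == "true",
        "count_matches_header": found == len(detections),
        "deleted": len(deleted),
        "left_in_place": len(detections) - len(deleted),
        "hashed": sorted({d.md5 for d in detections if d.md5}),
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for d in dets:
        print(("DELETED " if d.deleted else "KEPT    ") + d.threat + "  " + d.path)
    print(check_log(hdr, dets))
```

Reading the result for this thread's log: the `found=3` counter matches the three body lines, two objects were deleted and one (the mailbox container `Deleted Items.imm`) was left in place with only the nested part removed; the surviving hash is the container's, since the deleted objects carry the zero placeholder. A mismatch between `found=` and the number of parsed lines would indicate a truncated or edited paste.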