
Archived

This topic has been archived and is closed to new replies.

silmawiel

[Archived] HijackThis log


I don't know what the problem is, I'd like you to help me identify it!

Thank you!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:05:51, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Carol e Jaime\Desktop\HiJackThis.exe

C:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968

O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5514 bytes


Here's what I found!

 

Virus VBS/Autorun.VF

Date discovered: 18/04/2008

Type: Worm

Included in the "In The Wild" list: Yes

Damage level: Low to medium

Distribution level: Low to medium

Risk level: Low to medium

Static file: No

Size: ~18,000 bytes

IVDF version: 7.00.03.188

 

Means of transmission:

• Network drive

 

Alias:

• McAfee: W32/Autorun.worm.cg

• Kaspersky: Worm.VBS.Autorun.r

• TrendMicro: VBS_AGENT.AMAF

• F-Secure: Worm.VBS.Autorun.r

• Sophos: VBS/Autorun-EC

• BitDefender: Worm.VBS.Autorun.D

 

Operating systems:

• Windows 98

• Windows 98 SE

• Windows NT

• Windows ME

• Windows 2000

• Windows XP

• Windows 2003

 

Side effects:

• Floppy disk access

• Downloads files

• Modifies the Windows registry

 

Files: copies itself to the following locations

• %SYSDIR%\.vbe

• %SYSDIR%\wbem\.vbe

• %drive%:\.vbe

 

The following files are created:

– %drive%:\autorun.inf A non-malicious text file with the following content:

Registry: the following value is added to the Windows registry so that the process runs after the computer is restarted:

– [HKLM\software\microsoft\windows\currentversion\policies\explorer\run]

• %computer name% = .vbe

 

The following registry key is added:

– [HKLM\software\%computer name%]

• %system dependent%

 

The following registry value is changed:

Disables Regedit and Task Manager:

– [HKCU\software\microsoft\windows\currentversion\explorer\advanced]

New value:

• showsuperhidden = 0

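The persistence mechanism in the description above (a nameless .vbe dropped beside an autorun.inf, a value under HKLM\...\Policies\Explorer\Run, and ShowSuperHidden forced to 0) shows up as specific lines in a HijackThis or RSIT log. The script below is an added example, not code from this thread or from HijackThis, RSIT or Panda: it scans log lines for those indicators, and also reports the O17 NameServer override and the per-drive autorun commands that RSIT dumps from MountPoints2, since both are the usual places an autorun worm or DNS changer leaves traces. The regular expressions are written for the line formats visible in this thread, the severity labels are the script's own, the sample lines are constructed to mirror the logs posted here, and the `"ShowSuperHidden"=0` sample line is invented to exercise that check.

```python
"""Triage HijackThis / RSIT log lines for VBS/Autorun-style persistence.

Added example; not code from this thread or from any of the tools it names.
"""
import ipaddress
import re

# Extensions the Windows Script Host or cmd will happily run from an autorun.
SCRIPT_EXT = re.compile(r"\.(vbe|vbs|js|jse|wsf|bat|cmd)\b", re.IGNORECASE)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta)(\.exe)?\b", re.IGNORECASE)

# HijackThis: O4 - HKLM\..\Policies\Explorer\Run: [name] target
POLICY_RUN = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Policies\\Explorer\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# HijackThis: O4 - HKLM\..\Run: [name] target   (also HKCU, HKUS\<sid>, RunOnce)
RUN = re.compile(
    r"^O4 - HK(?:LM|CU|US\\[^\\]+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# HijackThis: O17 - ...: NameServer = a.b.c.d e.f.g.h
NAMESERVER = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
# RSIT MountPoints2 dump: shell\AutoRun\command - <command>
MOUNTPOINT = re.compile(r"^shell\\(?P<verb>AutoRun|open|explore)\\command - (?P<cmd>.+)$",
                        re.IGNORECASE)
# Any registry dump line forcing ShowSuperHidden to 0
SUPERHIDDEN = re.compile(r"showsuperhidden\W*0\b", re.IGNORECASE)


def _is_script_launch(command):
    """True when the command runs a script file or a script host."""
    return bool(SCRIPT_EXT.search(command) or SCRIPT_HOST.search(command))


def _describe_dns(servers):
    """Label each NameServer address public/private so it can be checked against the ISP."""
    labels = []
    for server in servers.split():
        try:
            kind = "private" if ipaddress.ip_address(server).is_private else "public"
        except ValueError:
            kind = "not an IP address"
        labels.append("%s (%s)" % (server, kind))
    return ", ".join(labels) + "; confirm these belong to the ISP (DNS changers use O17)"


def triage(lines):
    """Return (severity, reason, line) for every suspicious line, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if POLICY_RUN.match(line):
            findings.append(("high", "Policies\\Explorer\\Run autostart (the worm registers "
                             "%COMPUTERNAME% = .vbe here to survive a reboot)", line))
        elif (m := RUN.match(line)) and _is_script_launch(m.group("target")):
            findings.append(("high", "Run/RunOnce autostart launches a script", line))
        elif (m := NAMESERVER.match(line)):
            findings.append(("review", "DNS servers: " + _describe_dns(m.group("servers")), line))
        elif (m := MOUNTPOINT.match(line)):
            cmd = m.group("cmd")
            if _is_script_launch(cmd):
                findings.append(("high", "drive autorun runs a script via the script host", line))
            elif not re.search(r"[\\:]", cmd):
                findings.append(("high", "drive autorun runs a bare executable from the drive "
                                 "root (typical of autorun worms)", line))
            else:
                findings.append(("medium", "drive autorun command cached; confirm the media "
                                 "is trusted", line))
        elif SUPERHIDDEN.search(line):
            findings.append(("medium", "ShowSuperHidden=0 hides protected system files, which "
                             "keeps the dropped .vbe out of sight", line))
    return findings


# Constructed sample mirroring lines from the logs in this thread, plus one
# invented ShowSuperHidden line in .reg syntax to exercise that check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe
O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs
shell\AutoRun\command - dutlff.exe
shell\AutoRun\command - E:\AutoRun.exe
"ShowSuperHidden"=0
""".strip().splitlines()

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("[%-6s] %s\n         %s" % (severity, reason, line))
```

Run it as-is to see the sample triaged, or feed it the lines of a real log.txt; the benign QuickTime, ctfmon and regsvr32 entries produce nothing, while the nameless .vbe policy entry and the MountPoints2 script launches are reported as high. The O17 entry is deliberately only "review": a 3G modem connection can legitimately hand out a private DNS address, so the script labels the addresses rather than judging them.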

Hello, I ran the Panda online antivirus and the report is the one shown below!

 

;*******************************************************************************

ANALYSIS: 2009-01-07 09:29:12

PROTECTIONS: 0

MALWARE: 7

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00055522 Eicar.Mod Virus No 0 No No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0002181.exe[eicar.html]

00055522 Eicar.Mod Virus No 0 No No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0004890.exe[eicar.html]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Carol e Jaime\Cookies\carol e jaime@atdmt[2].txt

00140033 Trj/Zapchast.I Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0002570.EXE

00140033 Trj/Zapchast.I Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0004498.EXE

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carol e Jaime\Cookies\carol e jaime@ig.com[2].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carol e Jaime\Cookies\carol e jaime@uol.com[1].txt

00366244 Application/NirCmd.A HackTools No 0 No No C:\Downloads\Flash_Disinfector.exe[C:\Downloads\Flash_Disinfector.exe][nircmd.exe]

00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Carol e Jaime\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9foj6znw.default\Cache\DF9A30BCd01[C:\Documents and Settings\Carol e Jaime\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9foj6znw.default\Cache\DF9A30BCd01][nircmd.exe]

00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0001725.EXE

00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0005346.EXE

;===============================================================================

SUSPECTS

Sent Location &

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description &

;===============================================================================

184380 MEDIUM MS08-002 &

184379 MEDIUM MS08-001 &

182048 HIGH MS07-069 &

182046 HIGH MS07-067 &

182043 HIGH MS07-064 &

179553 HIGH MS07-061 &

176382 HIGH MS07-057 &

176383 HIGH MS07-058 &

170911 HIGH MS07-050 &

170907 HIGH MS07-046 &

170906 HIGH MS07-045 &

170904 HIGH MS07-043 &

164915 HIGH MS07-035 &

164913 HIGH MS07-033 &

164911 HIGH MS07-031 &

160623 HIGH MS07-027 &

157262 HIGH MS07-022 &

157261 HIGH MS07-021 &

157260 HIGH MS07-020 &

157259 HIGH MS07-019 &

156477 HIGH MS07-017 &

150253 HIGH MS07-016 &

150249 HIGH MS07-013 &

150248 HIGH MS07-012 &

150247 HIGH MS07-011 &

150243 HIGH MS07-008 &

150242 HIGH MS07-007 &

150241 MEDIUM MS07-006 &

141034 HIGH MS06-076 &

141033 MEDIUM MS06-075 &

141030 HIGH MS06-072 &

137571 HIGH MS06-070 &

137568 HIGH MS06-067 &

133387 MEDIUM MS06-065 &

133386 MEDIUM MS06-064 &

133385 MEDIUM MS06-063 &

133379 HIGH MS06-057 &

131654 HIGH MS06-055 &

129977 MEDIUM MS06-053 &

129976 MEDIUM MS06-052 &

126093 HIGH MS06-051 &

126092 MEDIUM MS06-050 &

126087 HIGH MS06-046 &

126086 MEDIUM MS06-045 &

126083 HIGH MS06-042 &

126082 HIGH MS06-041 &

126081 HIGH MS06-040 &

123421 HIGH MS06-036 &

123420 HIGH MS06-035 &

120825 MEDIUM MS06-032 &

120823 MEDIUM MS06-030 &

120818 HIGH MS06-025 &

120815 HIGH MS06-022 &

120814 HIGH MS06-021 &

117384 MEDIUM MS06-018 &

114666 HIGH MS06-015 &

114664 HIGH MS06-013 &

108744 MEDIUM MS06-008 &

108743 MEDIUM MS06-007 &

108742 MEDIUM MS06-006 &

104567 HIGH MS06-002 &

104237 HIGH MS06-001 &

96574 HIGH MS05-053 &

93395 HIGH MS05-051 &

93394 HIGH MS05-050 &

93454 MEDIUM MS05-049 &

;===============================================================================


OK, download -> Random's System Information Tool (RSIT), by random/random

Save it to your desktop.

Run RSIT.exe and, in the window that opens, click Continue.

When it finishes, two Notepad windows will open:

log.txt -> will open maximized

info.txt -> will open minimized.

 

Copy the contents of the info.txt and log.txt files and paste them into your reply.

 

A copy of these files will be saved in the folder C:\RSIT

 

Note: If your firewall alerts about the file rsit.exe trying to connect, be sure to allow it.


Logfile of random's system information tool 1.05 (written by random/random)

Run by Carol e Jaime at 2009-01-08 22:07:15

Microsoft Windows XP Professional Service Pack 2

System drive C: has 70 GB (91%) free of 76 GB

Total RAM: 222 MB (12% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:14, on 8/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Carol e Jaime\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Carol e Jaime.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968

O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5689 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMax"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

"Adobe Photo Downloader"=C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

"SiSRaid"=C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]

"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-05-26 49152]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2007-10-19 286720]

"googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-01-08 136600]

"egui"=C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"TABAJARA-809F1B"=.vbe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-02 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DISABLETASKMGR"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FFFFFFFF

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft"

"C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206a7262-901d-11dd-8bd5-001558b1a75f}]

shell\AutoRun\command - dutlff.exe

shell\explore\command - dutlff.exe

shell\open\command - dutlff.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592c-da65-11dd-8bf9-001558b1a75f}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592d-da65-11dd-8bf9-001558b1a75f}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]

shell\AutoRun\command - E:\AutoRun.exe

 

 

======File associations======

 

.txt - open - NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2009-01-08 22:07:20 ----DC---- C:\Arquivos de programas\trend micro

2009-01-08 22:07:15 ----DC---- C:\rsit

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\java.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-01-08 09:25:40 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sun

2009-01-08 09:20:50 ----DC---- C:\Arquivos de programas\ESET

2009-01-07 22:50:39 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\ESET

2009-01-07 22:48:10 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2009-01-07 21:54:29 ----DC---- C:\Arquivos de programas\AutorunRemover

2009-01-07 21:53:46 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\WinRAR

2009-01-07 21:53:13 ----DC---- C:\Arquivos de programas\WinRAR

2009-01-07 10:03:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Malwarebytes

2009-01-07 10:03:05 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-01-07 10:03:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-07 08:26:05 ----A---- C:\WINDOWS\system32\killVBS.vbs.txt

2009-01-07 08:24:41 ----DC---- C:\Arquivos de programas\Panda Security

2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf

2009-01-06 21:44:42 ----DC---- C:\Arquivos de programas\Java

2009-01-06 21:06:19 ----DC---- C:\Arquivos de programas\eMule

2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2009-01-06 21:02:17 ----DC---- C:\Arquivos de programas\LimeWire

2009-01-06 10:04:50 ----DC---- C:\Arquivos de programas\Softwin

2009-01-06 10:04:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Softwin

2009-01-06 08:41:59 ----DC---- C:\Arquivos de programas\Google

2009-01-05 08:47:02 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Mozilla

2009-01-05 08:46:44 ----DC---- C:\Arquivos de programas\Mozilla Firefox

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-01-04 14:52:03 ----RHDC---- C:\$VAULT$.AVG

2009-01-04 12:42:34 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sony

2009-01-04 12:42:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony Ericsson

2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony

2009-01-04 12:24:54 ----DC---- C:\Arquivos de programas\QuickTime

2009-01-04 12:24:52 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2009-01-04 12:24:27 ----DC---- C:\Arquivos de programas\Apple Software Update

2009-01-04 12:24:27 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2009-01-04 12:20:06 ----RSD---- C:\WINDOWS\assembly

2009-01-04 12:19:15 ----D---- C:\WINDOWS\Microsoft.NET

2009-01-04 12:18:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2009-01-04 11:52:41 ----A---- C:\WINDOWS\system32\ptpusb.dll

2009-01-04 11:52:39 ----A---- C:\WINDOWS\system32\ptpusd.dll

2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wups2.dll

2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2009-01-02 23:58:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2009-01-02 23:49:25 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Macromedia

2009-01-02 23:31:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

2009-01-02 23:29:09 ----DC---- C:\Arquivos de programas\TIM Web Banda Larga

2008-12-15 20:25:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Ahead

 

======List of files/folders modified in the last 1 months======

 

2009-01-08 22:07:24 ----D---- C:\WINDOWS\Temp

2009-01-08 22:07:20 ----RDC---- C:\Arquivos de programas

2009-01-08 22:07:16 ----D---- C:\WINDOWS\Prefetch

2009-01-08 21:29:36 ----D---- C:\WINDOWS

2009-01-08 21:28:09 ----D---- C:\WINDOWS\system32\config

2009-01-08 10:41:52 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-08 09:34:45 ----D---- C:\WINDOWS\system32

2009-01-08 09:34:16 ----SHD---- C:\WINDOWS\Installer

2009-01-08 09:22:15 ----HD---- C:\WINDOWS\inf

2009-01-08 09:22:15 ----D---- C:\WINDOWS\system32\drivers

2009-01-08 09:21:52 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-07 21:55:38 ----DC---- C:\Downloads

2009-01-07 08:18:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-01-07 08:18:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-01-06 10:03:46 ----D---- C:\WINDOWS\system

2009-01-06 10:03:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2009-01-06 10:02:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\AVG7

2009-01-04 18:52:18 ----D---- C:\WINDOWS\system32\wbem

2009-01-04 12:41:10 ----SD---- C:\WINDOWS\Tasks

2009-01-04 12:26:07 ----D---- C:\WINDOWS\WinSxS

2009-01-04 12:23:31 ----D---- C:\WINDOWS\system32\mui

2009-01-04 12:22:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-04 12:19:51 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-04 12:19:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-01-04 12:19:21 ----D---- C:\Arquivos de programas\Internet Explorer

2009-01-04 12:18:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-03 00:13:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-01-02 23:58:32 ----D---- C:\WINDOWS\SoftwareDistribution

2009-01-02 23:58:29 ----D---- C:\WINDOWS\Help

2009-01-02 23:56:27 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-01-02 23:49:24 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Adobe

2009-01-02 23:47:36 ----SD---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Microsoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]

R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]

R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]

R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 BDFsDrv;BDFsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys []

S3 BDRsDrv;BDRsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys []

S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-09-02 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-09-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-28 19456]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 EhttpSrv;Eset HTTP Server; C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]

S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.05 2009-01-08 22:08:18

 

======Uninstall list======

 

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}

Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Autorun Virus Remover 2.3-->"C:\Arquivos de programas\AutorunRemover\unins000.exe"

eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"

ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}

Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Carol e Jaime\Desktop\HijackThis.exe" /uninstall

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0.5)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{DAB6053F-4CF0-4B97-8EAC-89073F4B9BC4}

Panda ActiveScan 2.0-->C:\Arquivos de programas\Panda Security\ActiveScan 2.0\as2uninst.exe

PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"

QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}

SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe

SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf

SiSAGP driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x416

SiSRaidPackage-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x416

Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{BB1BD1D9-EF9A-404F-B360-E3C379A82A8E}

SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly

TIM Web Banda Larga-->C:\Arquivos de programas\TIM Web Banda Larga\uninst.exe

Ulead Video ToolBox Basic-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x416

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: ESET Smart Security 3.0

FW: ESET Personal firewall

 

System event log

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: The Fast User Switching Compatibility service entered the running state.

 

Record Number: 5

Source Name: Service Control Manager

Time Written: 20090108212936.000000-120

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 7035

Message: The Fast User Switching Compatibility service was successfully sent a start control.

 

Record Number: 4

Source Name: Service Control Manager

Time Written: 20090108212936.000000-120

Event Type: Information

User: NT AUTHORITY\SYSTEM

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: The Terminal Services service entered the running state.

 

Record Number: 3

Source Name: Service Control Manager

Time Written: 20090108212936.000000-120

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 3100

Message: The Microsoft IPv6 Developer Edition driver has started.

 

Record Number: 2

Source Name: Tcpip6

Time Written: 20090108212829.000000-120

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 10

Message: The drive did not indicate support for digital audio playback.

 

Record Number: 1

Source Name: redbook

Time Written: 20090108212829.000000-120

Event Type: Information

User:

 

Application event log

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.

The Record Data contains the new index values assigned

to this service.

 

Record Number: 5

Source Name: LoadPerf

Time Written: 20080926161457.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.

The Record Data contains the new index values assigned

to this service.

 

Record Number: 4

Source Name: LoadPerf

Time Written: 20080926161454.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.

The Record Data contains the new index values assigned

to this service.

 

Record Number: 3

Source Name: LoadPerf

Time Written: 20080926161225.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the PSched (PSched) service were loaded successfully.

The Record Data contains the new index values assigned

to this service.

 

Record Number: 2

Source Name: LoadPerf

Time Written: 20080926161201.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.

The Record Data contains the new index values assigned

to this service.

 

Record Number: 1

Source Name: LoadPerf

Time Written: 20080926161200.000000-180

Event Type: Information

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG;C:\Arquivos de programas\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2c02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip

 

-----------------EOF-----------------


Hello, the log shows that you are infected with a pendrive virus. One of the best ways to protect yourself from the pendrive virus is to disable Windows Autorun, because the malware has a file called autorun.inf that makes the malicious program run when the removable drive is connected to the PC.

Follow these instructions:

Go to Start > Run > type: gpedit.msc

Local Computer Policy > Computer Configuration > Administrative Templates > click once on System

In the right pane, double-click Turn off Autoplay

Check Enabled > select All drives > OK

This way you will not be infected automatically when you connect the infected drive. Connect your removable drives and format them.

Select and copy the contents of the QUOTE. Open Notepad and paste what you copied. Save it with the name fix.reg. Save as type: all files. Save it on the desktop.

NOTE: it is important that you put the .reg (dot reg) after fix.

The file should end up with the Registry Entries icon.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"TABAJARA-809F1B"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206a7262-901d-11dd-8bd5-001558b1a75f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592c-da65-11dd-8bf9-001558b1a75f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592d-da65-11dd-8bf9-001558b1a75f}]

Configure Windows to show all files.

Download:

HostsXpert

KillBox

Save or print these instructions:

1 - Run KillBox, check Delete on Reboot and put in Full Path of File to Delete:

C:\WINDOWS\system32\killVBS.vbs.txt

Click the delete button. Answer Yes to the question.

When the PC restarts, press F8 repeatedly. In the menu choose: safe mode.

2 - Double-click fix.reg. Accept merging it into the registry.

3 - Open HostsXpert. Click Restore Microsoft's Hosts File. Click OK, close the program.

4 - Locate the file in bold and delete it:

C:\autorun.inf <<< here

5 - Restart the PC normally. Run RSIT again and post the new logs.

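The helper's reply works from three indicators in the RSIT log: a cached AutoRun command under a mountpoints2 key, a hidden+system autorun.inf in a drive root, and the Explorer NoDriveTypeAutoRun policy, and then fixes them with a REGEDIT4 file in which `[-key]` deletes a key and `"name"=-` deletes a value. The script below is an added example, not code from the forum post, RSIT or HijackThis; it parses those sections of a log, reports what is still exposed, and writes a fix of the same shape. The sample log is constructed from lines quoted on this page; the data of the Policies\Explorer\Run value is hypothetical (only its name comes from the helper's fix), and reading the policy value as hex is an assumption, noted in the code.

```python
"""Triage an RSIT/HijackThis log for pendrive-worm (autorun.inf) indicators.

Added example, not code from the forum post, RSIT or HijackThis. It reads the
plain-text sections RSIT prints and writes a REGEDIT4 fix shaped like the
helper's. Function and field names are the author's own."""
import re

# Bits of Explorer's NoDriveTypeAutoRun policy: a set bit disables Autorun for
# that drive type, so 0xFF turns it off everywhere.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "DRIVE_RESERVED",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
AUTORUN_CMD_RE = re.compile(r"^shell\\AutoRun\\command - (.+)$", re.I)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ----([A-Z]*)---- (.+)$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
HOSTS_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

# Constructed sample from lines quoted on this page. The Policies\...\Run value
# data is hypothetical; only its name comes from the helper's fix.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"TABAJARA-809F1B"=C:\WINDOWS\system32\killVBS.vbs.txt

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
shell\AutoRun\command - E:\AutoRun.exe

2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf

127.0.0.1 www.007guard.com
"""


def autorun_still_enabled(value, base=16):
    """Drive types whose Autorun a NoDriveTypeAutoRun value leaves enabled.

    The neighbouring NoDriveAutoRun is printed as FFFFFFFF, so the dump is read
    as hex (assumption; pass base=10 for a decimal dump). An empty value means
    the policy is absent and Windows' own default applies."""
    if value == "":
        return None
    mask = int(value, base)
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def triage(log_text):
    """Collect the indicators the helper acted on from raw RSIT log text."""
    found = {"mountpoints": [], "autorun_inf": [], "policy": {},
             "policy_run": [], "hosts": []}
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lower = key.lower()
        if "\\explorer\\mountpoints2\\" in lower:
            m = AUTORUN_CMD_RE.match(line)
            if m:  # AutoRun command Explorer cached for a removable device
                found["mountpoints"].append((key, m.group(1)))
        elif lower.endswith("\\policies\\explorer\\run"):
            m = VALUE_RE.match(line)
            if m:  # programs started by policy; rarely legitimate on a home PC
                found["policy_run"].append((key, m.group(1)))
        elif lower.endswith("\\policies\\explorer"):
            m = VALUE_RE.match(line)
            if m and m.group(1).lower() == "nodrivetypeautorun":
                found["policy"][key] = autorun_still_enabled(m.group(2))
        m = FILE_RE.match(line)
        if m and m.group(2).lower().endswith("\\autorun.inf"):
            attrs = m.group(1)  # hidden+system in a drive root: the worm's launcher
            found["autorun_inf"].append((m.group(2), attrs, "H" in attrs and "S" in attrs))
        m = HOSTS_RE.match(line)
        if m and m.group(2).lower() != "localhost":
            # 127.0.0.1 entries block a site (Spybot's immunization does this);
            # any other address silently redirects it and is the real hijack sign
            kind = "block" if m.group(1).startswith("127.") else "redirect"
            found["hosts"].append((m.group(1), m.group(2), kind))
    return found


def build_reg_fix(found):
    """REGEDIT4 text in the helper's form: [-key] deletes a key, "name"=- a value."""
    lines = ["REGEDIT4", ""]
    for key, name in found["policy_run"]:
        lines += ["[%s]" % key, '"%s"=-' % name, ""]
    for key, _cmd in found["mountpoints"]:
        lines += ["[-%s]" % key, ""]
    return "\n".join(lines)
```

Run `triage(open("log.txt").read())` on a saved log and `build_reg_fix()` on the result; the mountpoints2 entries it deletes are only Explorer's cache of what each device advertised, so removing them is harmless, while the generated file deliberately does not touch anything it did not find in the log.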

3 - Open HostsXpert. Click Restore Microsoft's Hosts File. Click OK, close the program.

This error appeared after clicking OK:

ERROR: Cannot creatr file C:\WINDOWS\SYSTEM32\DRIVERS\ECT\hosts


The problem is that I can't find the file that is supposed to be deleted!

I ran RSIT again and here is the log.

 

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Carol e Jaime at 2009-01-12 16:35:06

Microsoft Windows XP Professional Service Pack 2

System drive C: has 70 GB (91%) free of 76 GB

Total RAM: 1246 MB (66% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:35:20, on 12/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Carol e Jaime\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Carol e Jaime.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968

O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5571 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMax"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

"Adobe Photo Downloader"=C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

"SiSRaid"=C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]

"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-05-26 49152]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2007-10-19 286720]

"googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-01-08 136600]

"egui"=C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-02 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DISABLETASKMGR"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FFFFFFFF

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft"

"C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]

shell\AutoRun\command - E:\AutoRun.exe

 

 

======File associations======

 

.txt - open - NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2009-01-09 22:36:21 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-09 22:32:30 ----DC---- C:\!KillBox

2009-01-09 22:24:26 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-01-09 07:51:33 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt

2009-01-08 22:07:20 ----DC---- C:\Arquivos de programas\trend micro

2009-01-08 22:07:15 ----DC---- C:\rsit

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\java.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-01-08 09:25:40 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sun

2009-01-08 09:20:50 ----DC---- C:\Arquivos de programas\ESET

2009-01-07 22:50:39 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\ESET

2009-01-07 22:48:10 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2009-01-07 21:54:29 ----DC---- C:\Arquivos de programas\AutorunRemover

2009-01-07 21:53:46 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\WinRAR

2009-01-07 21:53:13 ----DC---- C:\Arquivos de programas\WinRAR

2009-01-07 10:03:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Malwarebytes

2009-01-07 10:03:05 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-01-07 10:03:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-07 08:24:41 ----DC---- C:\Arquivos de programas\Panda Security

2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf

2009-01-06 21:44:42 ----DC---- C:\Arquivos de programas\Java

2009-01-06 21:06:19 ----DC---- C:\Arquivos de programas\eMule

2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2009-01-06 21:02:17 ----DC---- C:\Arquivos de programas\LimeWire

2009-01-06 10:04:50 ----DC---- C:\Arquivos de programas\Softwin

2009-01-06 10:04:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Softwin

2009-01-06 08:41:59 ----DC---- C:\Arquivos de programas\Google

2009-01-05 08:47:02 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Mozilla

2009-01-05 08:46:44 ----DC---- C:\Arquivos de programas\Mozilla Firefox

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-01-04 14:52:03 ----RHDC---- C:\$VAULT$.AVG

2009-01-04 12:42:34 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sony

2009-01-04 12:42:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony Ericsson

2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony

2009-01-04 12:24:54 ----DC---- C:\Arquivos de programas\QuickTime

2009-01-04 12:24:52 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2009-01-04 12:24:27 ----DC---- C:\Arquivos de programas\Apple Software Update

2009-01-04 12:24:27 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2009-01-04 12:20:06 ----RSD---- C:\WINDOWS\assembly

2009-01-04 12:19:15 ----D---- C:\WINDOWS\Microsoft.NET

2009-01-04 12:18:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2009-01-04 11:52:41 ----A---- C:\WINDOWS\system32\ptpusb.dll

2009-01-04 11:52:39 ----A---- C:\WINDOWS\system32\ptpusd.dll

2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wups2.dll

2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2009-01-02 23:58:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2009-01-02 23:49:25 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Macromedia

2009-01-02 23:31:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

2009-01-02 23:29:09 ----DC---- C:\Arquivos de programas\TIM Web Banda Larga

2008-12-15 20:25:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Ahead

 

======List of files/folders modified in the last 1 months======

 

2009-01-12 16:35:13 ----D---- C:\WINDOWS\Temp

2009-01-12 16:29:12 ----D---- C:\WINDOWS\system32\config

2009-01-12 16:18:50 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-10 23:51:38 ----D---- C:\WINDOWS\Prefetch

2009-01-09 22:36:21 ----D---- C:\WINDOWS

2009-01-09 22:36:10 ----D---- C:\WINDOWS\system32

2009-01-09 07:49:41 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-08 22:07:20 ----RDC---- C:\Arquivos de programas

2009-01-08 09:35:20 ----SHD---- C:\WINDOWS\Installer

2009-01-08 09:22:15 ----HD---- C:\WINDOWS\inf

2009-01-08 09:22:15 ----D---- C:\WINDOWS\system32\drivers

2009-01-07 21:55:38 ----DC---- C:\Downloads

2009-01-07 08:18:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-01-07 08:18:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-01-06 10:03:46 ----D---- C:\WINDOWS\system

2009-01-06 10:03:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2009-01-06 10:02:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\AVG7

2009-01-04 18:52:18 ----D---- C:\WINDOWS\system32\wbem

2009-01-04 12:41:10 ----SD---- C:\WINDOWS\Tasks

2009-01-04 12:26:07 ----D---- C:\WINDOWS\WinSxS

2009-01-04 12:23:31 ----D---- C:\WINDOWS\system32\mui

2009-01-04 12:22:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-04 12:19:51 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-04 12:19:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-01-04 12:19:21 ----D---- C:\Arquivos de programas\Internet Explorer

2009-01-04 12:18:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-03 00:13:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-01-02 23:58:32 ----D---- C:\WINDOWS\SoftwareDistribution

2009-01-02 23:58:29 ----D---- C:\WINDOWS\Help

2009-01-02 23:56:27 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-01-02 23:49:24 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Adobe

2009-01-02 23:47:36 ----SD---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Microsoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]

R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]

R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]

R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 BDFsDrv;BDFsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys []

S3 BDRsDrv;BDRsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys []

S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-09-02 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-09-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;Serviço auxiliar IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

R2 Iprip;RIP de escuta; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 SimpTcp;Serviços TCP/IP simples; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-28 19456]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 EhttpSrv;Eset HTTP Server; C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]

S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2psvc;Configuração de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------


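The "List of drivers" and "List of services" blocks in the RSIT info.txt above have a fixed shape (state, start type, internal name;display name; path [date size]), and the entries worth a second look are the ones whose bracket is empty, which is what RSIT prints when it cannot read the binary's date and size (in this log, the BitDefender, FXDRV and IntelIde leftovers), and the ones whose binary sits on a drive other than the system drive (FXDRV on D:). The parser and triage below are an added example written for this page, not part of RSIT or of any post in the thread; the sample lines are copied from the log above, the severities and the assumption that C: is the system drive are the author's own, and an empty bracket is treated as "file not readable at scan time" rather than as proof of anything else.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: seven lines in the shape of the RSIT "List of drivers/services"
# above (state, start type, internal name;display name; path [date size]).
SAMPLE_LINES = r"""
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
S3 BDFsDrv;BDFsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
"""

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}
SYSTEM_DRIVE = "C"  # assumption: the scanned machine boots from C:, as in this thread

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) "
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

@dataclass
class Entry:
    state: str           # R = running, S = stopped
    start: int           # 0..4, see START_TYPES
    name: str
    display: str
    path: str
    date: Optional[str]  # None when RSIT printed "[]"
    size: Optional[int]

@dataclass
class Finding:
    name: str
    severity: str
    reason: str

def parse_entries(text):
    """Parse RSIT driver/service lines; lines that do not match (headers, blanks) are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            state=m["state"], start=int(m["start"]), name=m["name"],
            display=m["display"], path=m["path"], date=m["date"],
            size=int(m["size"]) if m["size"] else None))
    return entries

def drive_of(path):
    """Drive letter of a Win32 or NT-style (\\??\\X:\\...) path, or None if there is none."""
    p = path[4:] if path.startswith("\\??\\") else path
    return p[0].upper() if len(p) > 1 and p[1] == ":" else None

def triage(text):
    """Flag entries whose binary RSIT could not read, or that live off the system drive."""
    findings = []
    for e in parse_entries(text):
        reasons = []
        drive = drive_of(e.path)
        if e.size is None:
            reasons.append("no date/size recorded: RSIT could not read the binary "
                           "(orphaned entry from an uninstalled product, or a hidden file)")
        if drive is not None and drive != SYSTEM_DRIVE:
            reasons.append(f"binary lives on drive {drive}:, off the system drive")
        if not reasons:
            continue
        if e.state == "R" and e.size is None:
            severity = "high"    # running, yet the file on disk cannot be read
        elif e.state == "R" or (drive is not None and drive != SYSTEM_DRIVE):
            severity = "medium"
        else:
            severity = "low"     # stopped leftover: clean it up, but not an active threat
        findings.append(Finding(e.name, severity, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LINES):
        print(f"{e.state}{e.start} {START_TYPES[e.start]:<8} {e.name:<35} {e.path}")
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.name}: {f.reason}")
```

Run against the sample, the three entries with an empty bracket come out as findings; FXDRV is rated medium because it also points at D:, the other two low because they are stopped leftovers on the system drive. A running entry with no readable file would be rated high, since that is the pattern a rootkit-style driver hiding its own file produces.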
OK, download: ComboFix > save it to the desktop

  • Disable your antivirus, antispyware and firewall so they don't cause conflicts. Keep them disabled until you finish these instructions.
  • Double-click combofix.exe, type 1 and press Enter to proceed with the fix. Wait, as it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process. If it doesn't, restart manually.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Select, copy and paste the contents of ComboFix.txt into your next reply.

    NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


ComboFix 09-01-13.04 - Carol e Jaime 2009-01-14 14:48:08.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1246.868 [GMT -2:00]

Running from: c:\documents and settings\Carol e Jaime\Desktop\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated)

FW: ESET Personal firewall *disabled*

* Created a new restore point

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_IPRIP

-------\Service_Iprip

 

 

(((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))

.

 

2009-01-13 22:31 . 2009-01-13 22:32 <DIR> d----c--- c:\arquivos de programas\DivX

2009-01-13 22:30 . 2009-01-13 22:30 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Apple Computer

2009-01-13 21:54 . 2009-01-13 21:55 <DIR> d----c--- c:\arquivos de programas\Safari

2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-01-13 21:24 . 2009-01-13 21:25 <DIR> d----c--- c:\arquivos de programas\QuickTime

2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Apple

2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d----c--- c:\arquivos de programas\Apple Software Update

2009-01-09 22:32 . 2009-01-12 16:23 <DIR> d----c--- C:\!KillBox

2009-01-09 22:24 . 2009-01-09 22:24 <DIR> d--h----- c:\windows\system32\GroupPolicy

2009-01-08 22:07 . 2009-01-08 22:08 <DIR> d----c--- C:\rsit

2009-01-08 22:07 . 2009-01-12 16:35 <DIR> d----c--- c:\arquivos de programas\trend micro

2009-01-08 10:34 . 2009-01-08 10:34 <DIR> d---s---- c:\documents and settings\Carol e Jaime\UserData

2009-01-08 09:34 . 2009-01-08 09:34 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-08 09:20 . 2009-01-08 09:20 <DIR> d----c--- c:\arquivos de programas\ESET

2009-01-07 22:50 . 2009-01-07 22:50 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\ESET

2009-01-07 22:48 . 2009-01-08 08:53 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-01-07 21:54 . 2009-01-09 08:18 <DIR> d----c--- c:\arquivos de programas\AutorunRemover

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Malwarebytes

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d----c--- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-01-07 10:03 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-07 10:03 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-07 08:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-01-07 08:24 . 2009-01-07 08:24 <DIR> d----c--- c:\arquivos de programas\Panda Security

2009-01-06 21:45 . 2009-01-08 09:34 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-06 21:44 . 2009-01-08 09:34 <DIR> d----c--- c:\arquivos de programas\Java

2009-01-06 21:06 . 2009-01-06 22:04 <DIR> d----c--- c:\arquivos de programas\eMule

2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java

2009-01-06 21:02 . 2009-01-06 21:02 <DIR> d----c--- c:\arquivos de programas\LimeWire

2009-01-06 10:10 . 2009-01-07 08:00 81,984 --a------ c:\windows\system32\bdod.bin

2009-01-06 10:04 . 2009-01-06 10:04 <DIR> d----c--- c:\arquivos de programas\Softwin

2009-01-06 10:04 . 2009-01-07 07:08 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Softwin

2009-01-06 08:41 . 2009-01-06 08:42 <DIR> d----c--- c:\arquivos de programas\Google

2009-01-05 08:47 . 2009-01-05 08:47 0 --a------ c:\windows\nsreg.dat

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-01-04 14:52 . 2009-01-05 22:02 <DIR> dr-h-c--- C:\$VAULT$.AVG

2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Sony

2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony

2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony Ericsson

2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony

2009-01-04 11:52 . 2004-08-04 00:45 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2009-01-04 11:52 . 2001-09-05 23:50 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-01-02 23:58 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

2009-01-02 23:58 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-01-02 23:58 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui

2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2009-01-02 23:29 . 2009-01-02 23:35 <DIR> d----c--- c:\arquivos de programas\TIM Web Banda Larga

2009-01-02 23:29 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys

2009-01-02 23:29 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys

2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Ahead

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-07 10:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-01-07 10:18 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-01-06 12:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7

2009-01-06 12:02 --------- d-----w c:\documents and settings\Convidado\Dados de aplicativos\AVG7

2009-01-06 12:02 --------- d-----w c:\documents and settings\Carol e Jaime\Dados de aplicativos\AVG7

2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll

2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll

2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-12-03 11:41 --------- d-----w c:\documents and settings\Carol e Jaime\Dados de aplicativos\AdobeUM

2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-11-06 16:37 129,784 ------w c:\windows\system32\pxafs.dll

2008-11-06 16:37 120,056 ------w c:\windows\system32\pxcpyi64.exe

2008-11-06 16:37 118,520 ------w c:\windows\system32\pxinsi64.exe

2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll

2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll

2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll

2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:12 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"SiSRaid"="c:\arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-03-01 897024]

"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-08 136600]

"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"SiSPower"="SiSPower.dll" [2005-05-26 c:\windows\system32\SiSPower.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-21 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-10-05 266240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\Vio\Dvacm.acm

"msacm.ulmp3acm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\mpegacm.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Agrupamento de Mesmo Nível do Windows

"3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-07 28544]

R4 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]

\Shell\AutoRun\command - E:\AutoRun.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Supplementary Scan -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Carol e Jaime\Dados de aplicativos\Mozilla\Firefox\Profiles\9foj6znw.default\

FF - plugin: c:\arquivos de programas\Microsoft Silverlight\npctrl.1.0.20926.0.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 14:50:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\tcpsvcs.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

.

**************************************************************************

.

Completion time: 2009-01-14 14:52:57 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-14 16:52:55

 

Pre-Run: 13 dir(s) 72,328,290,304 bytes free

Post-Run: 13 dir(s) 72,579,530,752 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

 


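The "Reg Loading Points" part of the ComboFix log above carries the state a helper actually reads before deciding what to fix: the Windows Firewall standard profile with EnableFirewall=0, the applications and ports authorized through it, inbound ICMP echo allowed, and a mountpoints2 entry that records an AutoRun command (E:\AutoRun.exe) for a removable volume. The parser and checks below are an added example written for this page, not ComboFix code and not anything posted in the thread; the sample text is reconstructed from the log above (ComboFix prints these sections in REGEDIT4 style, so backslashes inside quoted names are doubled), the severities are the author's own, and a disabled Windows Firewall is reported as a finding to confirm, not a verdict, because a third-party firewall (ESET here) may have replaced it deliberately.

```python
import re
from dataclasses import dataclass

# Constructed sample: the firewall-policy and mountpoints2 sections in the shape
# ComboFix prints them above (REGEDIT4 style, quoted names have doubled backslashes).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Agrupamento de Mesmo Nível do Windows
"3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
\Shell\AutoRun\command - E:\AutoRun.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}

@dataclass
class Finding:
    severity: str
    section: str
    message: str

def parse_sections(text):
    """Return {section_key_lowercased: [(name, value), ...]}; bare lines get name=None."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["key"].lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # text before the first section header is not registry data
        m = VALUE_RE.match(line)
        if m:
            sections[current].append((m["name"], m["value"].strip()))
        else:
            sections[current].append((None, line))
    return sections

def as_int(value):
    """'0 (0x0)' -> 0; anything that does not start with an integer -> None."""
    try:
        return int(value.split()[0])
    except (ValueError, IndexError):
        return None

def triage(text):
    """Turn the firewall-policy and mountpoints2 sections into ranked findings."""
    out = []
    for key, items in parse_sections(text).items():
        if "firewallpolicy" in key and key.endswith("profile"):
            for name, value in items:
                if name and name.lower() == "enablefirewall" and as_int(value) == 0:
                    out.append(Finding("high", key, "Windows Firewall is disabled for this profile"))
        elif key.endswith("globallyopenports\\list"):
            for name, value in items:
                out.append(Finding("medium", key, f"port {name} is open to every remote host ({value})"))
        elif key.endswith("authorizedapplications\\list"):
            for name, _ in items:
                out.append(Finding("info", key, f"application allowed through the firewall: {name}"))
        elif key.endswith("icmpsettings"):
            for name, value in items:
                if name and name.lower() == "allowinboundechorequest" and as_int(value) == 1:
                    out.append(Finding("low", key, "host answers inbound ICMP echo (ping)"))
        elif "\\mountpoints2\\" in key:
            for name, value in items:
                m = AUTORUN_RE.match(value) if name is None else None
                if m:
                    out.append(Finding("medium", key,
                                       f"AutoRun command registered for a removable volume: {m['cmd']}"))
    return sorted(out, key=lambda f: SEVERITY_RANK[f.severity])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.message}")
```

On the sample this yields one high finding (firewall disabled), three medium (two globally open ports and the AutoRun command), one low (ICMP echo) and two informational entries for the authorized applications. The mountpoints2 check is the one worth keeping in any such script: the key only records that Explorer once saw an autorun.inf on that volume, so the command it names should be checked against whatever is actually on the media, rather than trusted or ignored.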
Sorry for taking so long to reply, I had no time!

 

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Carol e Jaime at 2009-01-25 13:39:18

Microsoft Windows XP Professional Service Pack 2

System drive C: has 68 GB (90%) free of 76 GB

Total RAM: 1246 MB (68% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:39:26, on 25/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Opera\opera.exe

C:\Documents and Settings\Carol e Jaime\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Carol e Jaime.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968

O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 4969 bytes

 

 

 

info.txt logfile of random's system information tool 1.05 2009-01-25 13:39:28

 

======Uninstall list======

 

-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

DivX Codec-->C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Arquivos de programas\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Dziobas Rar Player 0.009.38-->"C:\Arquivos de programas\Dziobas Rar Player\unins000.exe"

ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}

Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe"

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

InternetTV 7.13-->"C:\Arquivos de programas\MMToolz\InternetTV\unins000.exe"

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office XP Professional com FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{DAB6053F-4CF0-4B97-8EAC-89073F4B9BC4}

Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}

PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe

SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf

SiSAGP driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x416

SiSRaidPackage-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x416

Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{BB1BD1D9-EF9A-404F-B360-E3C379A82A8E}

SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly

TIM Web Banda Larga-->C:\Arquivos de programas\TIM Web Banda Larga\uninst.exe

Ulead Video ToolBox Basic-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x416

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

 

======Security center information======

 

AV: ESET Smart Security 3.0

FW: ESET Personal firewall

 

System event log

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: The Network Location Awareness (NLA) service entered the running state.

 

Record Number: 5

Source Name: Service Control Manager

Time Written: 20090125124229.000000-120

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: The SSDP Discovery Service service entered the running state.

 

Record Number: 4

Source Name: Service Control Manager

Time Written: 20090125124229.000000-120

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: The Fast User Switching Compatibility service entered the running state.

 

Record Number: 3

Source Name: Service Control Manager

Time Written: 20090125124229.000000-120

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 7035

Message: The Fast User Switching Compatibility service was successfully sent a start control.

 

Record Number: 2

Source Name: Service Control Manager

Time Written: 20090125124229.000000-120

Event Type: Information

User: NT AUTHORITY\SYSTEM

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: The Terminal Services service entered the running state.

 

Record Number: 1

Source Name: Service Control Manager

Time Written: 20090125124229.000000-120

Event Type: Information

User:

 

Application event log

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.

The Record Data contains the new index values assigned to that service.

 

Record Number: 5

Source Name: LoadPerf

Time Written: 20080926161457.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.

The Record Data contains the new index values assigned to that service.

 

Record Number: 4

Source Name: LoadPerf

Time Written: 20080926161454.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.

The Record Data contains the new index values assigned to that service.

 

Record Number: 3

Source Name: LoadPerf

Time Written: 20080926161225.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the PSched (PSched) service were loaded successfully.

The Record Data contains the new index values assigned to that service.

 

Record Number: 2

Source Name: LoadPerf

Time Written: 20080926161201.000000-180

Event Type: Information

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 1

Source Name: LoadPerf

Time Written: 20080926161200.000000-180

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe


Logfile of random's system information tool 1.05 (written by random/random)

Run by Carol e Jaime at 2009-01-28 20:56:31

Microsoft Windows XP Professional Service Pack 2

System drive C: has 68 GB (89%) free of 76 GB

Total RAM: 1246 MB (67% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:56:41, on 28/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Opera\opera.exe

C:\Downloads\Antivirus\RSIT.exe

C:\Arquivos de programas\trend micro\Carol e Jaime.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Mobile Partner] "C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968

O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5407 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-26 304736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

"SiSRaid"=C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]

"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-05-26 49152]

"googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-01-08 136600]

"egui"=C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-09-06 413696]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2009-01-26 185872]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"Mobile Partner"=C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe [2009-01-02 110592]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-02 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDriveAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft"

"C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]

shell\AutoRun\command - E:\AutoRun.exe

 

 

======File associations======

 

.txt - open - NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2009-01-28 20:56:31 ----DC---- C:\rsit

2009-01-26 16:55:12 ----D---- C:\Arquivos de programas\Arquivos comuns\xing shared

2009-01-26 16:55:07 ----A---- C:\WINDOWS\system32\rmoc3260.dll

2009-01-26 16:55:01 ----A---- C:\WINDOWS\system32\pndx5032.dll

2009-01-26 16:55:01 ----A---- C:\WINDOWS\system32\pndx5016.dll

2009-01-26 16:55:00 ----DC---- C:\Program Files

2009-01-26 16:55:00 ----A---- C:\WINDOWS\system32\pncrt.dll

2009-01-26 16:54:59 ----D---- C:\Arquivos de programas\Arquivos comuns\Real

2009-01-26 16:54:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Real

2009-01-25 14:52:51 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\BSplayer PRO

2009-01-25 14:52:45 ----DC---- C:\Arquivos de programas\Webteh

2009-01-25 14:49:00 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\VitySoft

2009-01-25 11:10:37 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Opera

2009-01-25 11:10:27 ----DC---- C:\Arquivos de programas\Opera

2009-01-18 08:51:11 ----D---- C:\WINDOWS\Minidump

2009-01-15 22:44:57 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\MMToolz

2009-01-15 22:44:20 ----DC---- C:\Arquivos de programas\MMToolz

2009-01-15 21:01:11 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\DivX

2009-01-15 15:38:03 ----DC---- C:\Arquivos de programas\Dziobas Rar Player

2009-01-15 15:24:07 ----D---- C:\WINDOWS\system32\appmgmt

2009-01-14 15:05:57 ----SHDC---- C:\RECYCLER

2009-01-14 14:45:47 ----RASHDC---- C:\cmdcons

2009-01-14 14:37:31 ----A---- C:\WINDOWS\zip.exe

2009-01-14 14:37:31 ----A---- C:\WINDOWS\VFIND.exe

2009-01-14 14:37:31 ----A---- C:\WINDOWS\SWREG.exe

2009-01-14 14:37:31 ----A---- C:\WINDOWS\sed.exe

2009-01-14 14:37:31 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-14 14:37:31 ----A---- C:\WINDOWS\grep.exe

2009-01-14 14:37:31 ----A---- C:\WINDOWS\fdsv.exe

2009-01-14 14:37:30 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-14 14:37:30 ----A---- C:\WINDOWS\SWSC.exe

2009-01-14 14:37:23 ----D---- C:\WINDOWS\ERDNT

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\vxblock.dll

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxwave.dll

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxsfs.dll

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxmas.dll

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxinsi64.exe

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxinsa64.exe

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxhpinst.exe

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxdrv.dll

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxcpyi64.exe

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxcpya64.exe

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxafs.dll

2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\px.dll

2009-01-13 22:31:57 ----DC---- C:\Arquivos de programas\DivX

2009-01-13 22:30:55 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Apple Computer

2009-01-13 21:24:51 ----D---- C:\Arquivos de programas\Arquivos comuns\Apple

2009-01-13 21:24:46 ----DC---- C:\Arquivos de programas\QuickTime

2009-01-13 21:24:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2009-01-13 20:43:36 ----DC---- C:\Arquivos de programas\Apple Software Update

2009-01-13 20:43:36 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2009-01-09 22:36:21 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-09 22:24:26 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-01-09 07:51:33 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt

2009-01-08 22:07:20 ----DC---- C:\Arquivos de programas\trend micro

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\java.exe

2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-01-08 09:25:40 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sun

2009-01-08 09:20:50 ----DC---- C:\Arquivos de programas\ESET

2009-01-07 22:50:39 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\ESET

2009-01-07 22:48:10 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2009-01-07 21:54:29 ----DC---- C:\Arquivos de programas\AutorunRemover

2009-01-07 21:53:46 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\WinRAR

2009-01-07 21:53:13 ----DC---- C:\Arquivos de programas\WinRAR

2009-01-07 10:03:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Malwarebytes

2009-01-07 10:03:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-07 08:24:41 ----DC---- C:\Arquivos de programas\Panda Security

2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf

2009-01-06 21:44:42 ----DC---- C:\Arquivos de programas\Java

2009-01-06 21:06:19 ----DC---- C:\Arquivos de programas\eMule

2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2009-01-06 21:02:17 ----DC---- C:\Arquivos de programas\LimeWire

2009-01-06 10:04:50 ----DC---- C:\Arquivos de programas\Softwin

2009-01-06 10:04:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Softwin

2009-01-06 08:41:59 ----DC---- C:\Arquivos de programas\Google

2009-01-05 08:47:02 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Mozilla

2009-01-05 08:46:44 ----DC---- C:\Arquivos de programas\Mozilla Firefox

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-01-04 12:42:34 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sony

2009-01-04 12:42:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony Ericsson

2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony

2009-01-04 12:20:06 ----RSD---- C:\WINDOWS\assembly

2009-01-04 12:19:15 ----D---- C:\WINDOWS\Microsoft.NET

2009-01-04 12:18:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2009-01-04 11:52:41 ----A---- C:\WINDOWS\system32\ptpusb.dll

2009-01-04 11:52:39 ----A---- C:\WINDOWS\system32\ptpusd.dll

2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wups2.dll

2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2009-01-02 23:58:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2009-01-02 23:49:25 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Macromedia

2009-01-02 23:31:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

2009-01-02 23:29:09 ----DC---- C:\Arquivos de programas\TIM Web Banda Larga

 

======List of files/folders modified in the last 1 months======

 

2009-01-28 20:56:39 ----D---- C:\WINDOWS\Prefetch

2009-01-28 20:55:08 ----D---- C:\WINDOWS\Temp

2009-01-28 20:08:43 ----D---- C:\WINDOWS\system32\config

2009-01-28 05:56:27 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-26 16:55:12 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-01-26 16:55:07 ----D---- C:\WINDOWS\system32

2009-01-26 16:55:00 ----A---- C:\WINDOWS\system32\msvcr71.dll

2009-01-26 16:55:00 ----A---- C:\WINDOWS\system32\msvcp71.dll

2009-01-26 16:39:41 ----DC---- C:\Downloads

2009-01-25 15:14:34 ----D---- C:\WINDOWS

2009-01-25 14:52:45 ----RDC---- C:\Arquivos de programas

2009-01-25 11:10:37 ----SHD---- C:\WINDOWS\Installer

2009-01-15 15:25:06 ----D---- C:\WINDOWS\system32\drivers

2009-01-15 15:24:05 ----DC---- C:\Arquivos de programas\Adobe

2009-01-14 14:51:48 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-14 14:51:02 ----AC---- C:\WINDOWS\system.ini

2009-01-14 14:48:38 ----D---- C:\WINDOWS\AppPatch

2009-01-14 14:45:51 ----RASHC---- C:\boot.ini

2009-01-13 20:43:38 ----SD---- C:\WINDOWS\Tasks

2009-01-08 09:22:15 ----HD---- C:\WINDOWS\inf

2009-01-07 08:18:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-01-07 08:18:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-01-06 10:03:46 ----D---- C:\WINDOWS\system

2009-01-06 10:03:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2009-01-06 10:02:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\AVG7

2009-01-04 18:52:18 ----D---- C:\WINDOWS\system32\wbem

2009-01-04 12:26:07 ----D---- C:\WINDOWS\WinSxS

2009-01-04 12:23:31 ----D---- C:\WINDOWS\system32\mui

2009-01-04 12:22:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-04 12:19:51 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-04 12:19:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-01-04 12:19:21 ----D---- C:\Arquivos de programas\Internet Explorer

2009-01-04 12:18:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-03 00:13:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-01-02 23:58:32 ----D---- C:\WINDOWS\SoftwareDistribution

2009-01-02 23:58:29 ----D---- C:\WINDOWS\Help

2009-01-02 23:56:27 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-01-02 23:49:24 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Adobe

2009-01-02 23:47:36 ----SD---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Microsoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]

R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]

R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]

R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 BDFsDrv;BDFsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys []

S3 BDRsDrv;BDRsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-09-02 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-09-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;Serviço auxiliar IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 SimpTcp;Serviços TCP/IP simples; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-28 19456]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 EHttpSrv;Eset HTTP Server; C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]

S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2psvc;Configuração de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.05 2009-01-28 20:56:43

 

======Uninstall list======

 

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

BS.Player PRO-->"C:\Arquivos de programas\Webteh\BSplayerPro\uninstall.exe"

DivX Codec-->C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Arquivos de programas\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Dziobas Rar Player 0.009.38-->"C:\Arquivos de programas\Dziobas Rar Player\unins000.exe"

ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}

Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe"

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

InternetTV 7.13-->"C:\Arquivos de programas\MMToolz\InternetTV\unins000.exe"

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office XP Professional com FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{DAB6053F-4CF0-4B97-8EAC-89073F4B9BC4}

Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}

PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe

SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf

SiSAGP driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x416

SiSRaidPackage-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x416

Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{BB1BD1D9-EF9A-404F-B360-E3C379A82A8E}

SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly

TIM Web Banda Larga-->C:\Arquivos de programas\TIM Web Banda Larga\uninst.exe

Ulead Video ToolBox Basic-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x416

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

 

======Security center information======

 

AV: ESET Smart Security 3.0

FW: ESET Personal firewall

 

System event log

 

Computer Name: TABAJARA-809F1B

Event Code: 7035

Message: O serviço Adaptador de desempenho WMI recebeu com êxito um controle Iniciar.

 

Record Number: 5

Source Name: Service Control Manager

Time Written: 20090128200847.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 4

Source Name: Service Control Manager

Time Written: 20090128200845.000000-120

Event Type: Informações

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

 

Record Number: 3

Source Name: Service Control Manager

Time Written: 20090128200845.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: TABAJARA-809F1B

Event Code: 7036

Message: O serviço Serviço 'Gateway de camada de aplicativo' entrou no estado executando.

 

Record Number: 2

Source Name: Service Control Manager

Time Written: 20090128200843.000000-120

Event Type: Informações

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 7035

Message: O serviço Serviço 'Gateway de camada de aplicativo' recebeu com êxito um controle Iniciar.

 

Record Number: 1

Source Name: Service Control Manager

Time Written: 20090128200843.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Application event log

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Os contadores de desempenho para o serviço MSDTC (MSDTC) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 5

Source Name: LoadPerf

Time Written: 20080926161457.000000-180

Event Type: Informações

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Os contadores de desempenho para o serviço TermService (Serviços de terminal) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 4

Source Name: LoadPerf

Time Written: 20080926161454.000000-180

Event Type: Informações

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Os contadores de desempenho para o serviço RemoteAccess (Roteamento e acesso remoto) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 3

Source Name: LoadPerf

Time Written: 20080926161225.000000-180

Event Type: Informações

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Os contadores de desempenho para o serviço PSched (PSched) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 2

Source Name: LoadPerf

Time Written: 20080926161201.000000-180

Event Type: Informações

User:

 

Computer Name: TABAJARA-809F1B

Event Code: 1000

Message: Os contadores de desempenho para o serviço RSVP (QoS RSVP) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 1

Source Name: LoadPerf

Time Written: 20080926161200.000000-180

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG;C:\Arquivos de programas\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2c02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Arquivos de programas\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------


Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions.

 

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Folder::

C:\autorun.inf

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[Image: CFScript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

This script was written only for this computer, according to the files and keys present on it.

 

To visitors: if you have a similar problem, do not use this script, since unsupervised use can damage the system.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

Post the new ComboFix log.


ComboFix 09-01-21.04 - Carol e Jaime 2009-01-30 20:03:01.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1246.899 [GMT -2:00]

Executando de: c:\documents and settings\Carol e Jaime\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Carol e Jaime\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

c:\autorun.inf\lpt3.This folder was created by Flash_Disinfector

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-28 to 2009-01-30 ))))))))))))))))))))))))))))

.

 

2009-01-30 19:49 . 2009-01-30 19:59 <DIR> d-------- c:\windows\LastGood

2009-01-28 20:56 . 2009-01-28 20:56 <DIR> d----c--- C:\rsit

2009-01-26 16:55 . 2009-01-26 16:55 <DIR> d----c--- C:\Program Files

2009-01-26 16:55 . 2009-01-26 16:55 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared

2009-01-26 16:54 . 2009-01-26 16:55 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real

2009-01-25 14:52 . 2009-01-25 15:08 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\BSplayer PRO

2009-01-25 14:52 . 2009-01-25 14:52 <DIR> d----c--- c:\arquivos de programas\Webteh

2009-01-25 14:49 . 2009-01-25 14:49 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\VitySoft

2009-01-25 11:10 . 2009-01-25 11:10 <DIR> d----c--- c:\arquivos de programas\Opera

2009-01-15 22:44 . 2009-01-15 22:44 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\MMToolz

2009-01-15 22:44 . 2009-01-15 22:44 <DIR> d----c--- c:\arquivos de programas\MMToolz

2009-01-15 21:01 . 2009-01-15 21:01 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\DivX

2009-01-15 15:38 . 2009-01-15 15:46 <DIR> d----c--- c:\arquivos de programas\Dziobas Rar Player

2009-01-13 22:31 . 2009-01-13 22:32 <DIR> d----c--- c:\arquivos de programas\DivX

2009-01-13 22:30 . 2009-01-26 16:36 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Apple Computer

2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-01-13 21:24 . 2009-01-13 21:25 <DIR> d----c--- c:\arquivos de programas\QuickTime

2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Apple

2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d----c--- c:\arquivos de programas\Apple Software Update

2009-01-09 22:24 . 2009-01-09 22:24 <DIR> d--h----- c:\windows\system32\GroupPolicy

2009-01-08 22:07 . 2009-01-28 20:56 <DIR> d----c--- c:\arquivos de programas\trend micro

2009-01-08 10:34 . 2009-01-08 10:34 <DIR> d---s---- c:\documents and settings\Carol e Jaime\UserData

2009-01-08 09:34 . 2009-01-08 09:34 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-07 22:50 . 2009-01-07 22:50 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\ESET

2009-01-07 22:48 . 2009-01-08 08:53 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-01-07 21:54 . 2009-01-09 08:18 <DIR> d----c--- c:\arquivos de programas\AutorunRemover

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Malwarebytes

2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-07 08:24 . 2009-01-15 15:25 <DIR> d----c--- c:\arquivos de programas\Panda Security

2009-01-06 21:45 . 2009-01-08 09:34 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-06 21:44 . 2009-01-08 09:34 <DIR> d----c--- c:\arquivos de programas\Java

2009-01-06 21:06 . 2009-01-15 15:24 <DIR> d----c--- c:\arquivos de programas\eMule

2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java

2009-01-06 21:02 . 2009-01-06 21:02 <DIR> d----c--- c:\arquivos de programas\LimeWire

2009-01-06 10:10 . 2009-01-07 08:00 81,984 --a------ c:\windows\system32\bdod.bin

2009-01-06 10:04 . 2009-01-06 10:04 <DIR> d----c--- c:\arquivos de programas\Softwin

2009-01-06 10:04 . 2009-01-07 07:08 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Softwin

2009-01-06 08:41 . 2009-01-06 08:42 <DIR> d----c--- c:\arquivos de programas\Google

2009-01-05 08:47 . 2009-01-05 08:47 0 --a------ c:\windows\nsreg.dat

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Sony

2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony

2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony Ericsson

2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony

2009-01-04 11:52 . 2004-08-04 00:45 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2009-01-04 11:52 . 2001-09-05 23:50 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-01-02 23:58 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

2009-01-02 23:58 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-01-02 23:58 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui

2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2009-01-02 23:29 . 2009-01-02 23:35 <DIR> d----c--- c:\arquivos de programas\TIM Web Banda Larga

2009-01-02 23:29 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys

2009-01-02 23:29 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys

2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Ahead

2008-12-10 22:33 . 2008-12-10 22:33 200,704 --a------ c:\windows\system32\dtu100.dll

2008-12-10 22:33 . 2008-12-10 22:33 86,016 --a------ c:\windows\system32\dpl100.dll

2008-12-09 00:28 . 2008-12-09 00:28 593,920 --a------ c:\windows\system32\dpuGUI11.dll

2008-12-09 00:28 . 2008-12-09 00:28 344,064 --a------ c:\windows\system32\dpus11.dll

2008-12-09 00:28 . 2008-12-09 00:28 294,912 --a------ c:\windows\system32\dpu11.dll

2008-12-09 00:28 . 2008-12-09 00:28 57,344 --a------ c:\windows\system32\dpv11.dll

2008-12-03 09:41 . 2008-12-03 09:41 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\AdobeUM

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-26 18:55 499,712 ----a-w c:\windows\system32\msvcp71.dll

2009-01-26 18:55 348,160 ----a-w c:\windows\system32\msvcr71.dll

2009-01-07 10:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-01-07 10:18 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-01-06 12:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7

2009-01-06 12:02 --------- d-----w c:\documents and settings\Convidado\Dados de aplicativos\AVG7

2009-01-06 12:02 --------- d-----w c:\documents and settings\Carol e Jaime\Dados de aplicativos\AVG7

2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-11-06 16:37 129,784 ------w c:\windows\system32\pxafs.dll

2008-11-06 16:37 120,056 ------w c:\windows\system32\pxcpyi64.exe

2008-11-06 16:37 118,520 ------w c:\windows\system32\pxinsi64.exe

2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll

2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll

2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll

2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:12 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 15:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

2008-10-16 15:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

2008-10-16 15:03 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Mobile Partner"="c:\arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe" [2009-01-02 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"SiSRaid"="c:\arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-03-01 897024]

"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-08 136600]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-01-26 185872]

"SiSPower"="SiSPower.dll" [2005-05-26 c:\windows\system32\SiSPower.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-21 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-10-05 266240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\Vio\Dvacm.acm

"msacm.ulmp3acm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\mpegacm.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Agrupamento de Mesmo Nível do Windows

"3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]

S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]

\Shell\AutoRun\command - E:\AutoRun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office10\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-30 20:04:00

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-30 20:05:27

ComboFix-quarantined-files.txt 2009-01-30 22:05:23

 

Pré-execução: 12 pasta(s) 70.746.791.936 bytes disponíveis

Pós execução: 11 pasta(s) 70,744,231,936 bytes disponíveis

 

188
