[Resolvido!] Log

[Ricardolima11 0]

Olá. Preciso de ajuda no meu log por favor. Muito obrigado.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:16:36, on 4/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Tibia\Tibia.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ascfix - ascfix.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

[DigRam 144]

Boa Tarde! Ricardolima11

 

<!> O log não apresenta entradas ruins. O que ocorre?

-------------------------

<@> Baixe: < RSIT > ( ...by random/random )

<@> Salve-o,diretamente,no Disco Local ( C ).

<@> Dê um duplo clique em RSIT.exe,para executar a ferramenta.

<@> Na janela que abrir,disclamer,clique em "Continue".

<@> Aguarde a conclusão de "Running HijackThis". <-- Pseudo!

<@> Terminando,abrir-se-à o Bloco de Notas com o relatório: log.txt <-- Relatório para postagem!

<@> Poste,também,na sua resposta: info.txt,que estará em C:\rsit\info.txt <--

 

Abraços!

[Ricardolima11 0]

Log.txt:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Usuario at 2009-02-05 13:35:58

Microsoft Windows XP Professional Service Pack 2

System drive C: has 339 MB (4%) free of 10 GB

Total RAM: 255 MB (22% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:37:08, on 5/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\RSIT.exe

C:\Arquivos de programas\trend micro\Usuario.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 5908 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At10.job

C:\WINDOWS\tasks\At11.job

C:\WINDOWS\tasks\At12.job

C:\WINDOWS\tasks\At13.job

C:\WINDOWS\tasks\At14.job

C:\WINDOWS\tasks\At15.job

C:\WINDOWS\tasks\At16.job

C:\WINDOWS\tasks\At17.job

C:\WINDOWS\tasks\At18.job

C:\WINDOWS\tasks\At19.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At20.job

C:\WINDOWS\tasks\At21.job

C:\WINDOWS\tasks\At22.job

C:\WINDOWS\tasks\At23.job

C:\WINDOWS\tasks\At24.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\At5.job

C:\WINDOWS\tasks\At6.job

C:\WINDOWS\tasks\At7.job

C:\WINDOWS\tasks\At8.job

C:\WINDOWS\tasks\At9.job

C:\WINDOWS\tasks\GlaryInitialize.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]

ssh2 Class - C:\Arquivos de programas\Scpad\scpsssh2.dll [2007-12-12 214272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Tibia\Tibia.exe"="C:\Arquivos de programas\Tibia\Tibia.exe:*:Enabled:Tibia Player"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======File associations======

 

.js - open - "C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

 

======List of files/folders created in the last 1 months======

 

2009-02-05 13:35:58 ----D---- C:\rsit

2009-02-05 13:35:58 ----D---- C:\Arquivos de programas\trend micro

2009-02-05 13:35:23 ----A---- C:\RSIT.exe

2009-02-04 19:46:16 ----D---- C:\Arquivos de programas\AnVir Task Manager Free

2009-02-04 19:38:51 ----A---- C:\Startup Programs (USUARIO-HOME) 2009-02-04 19.38.47.txt

2009-02-04 19:38:29 ----A---- C:\Silent Runners.vbs

2009-02-04 19:35:15 ----D---- C:\LinhaDefensiva

2009-02-04 19:34:45 ----A---- C:\bankerfix.exe

2009-02-04 19:29:16 ----SHD---- C:\RECYCLER

2009-02-04 19:23:58 ----D---- C:\WINDOWS\temp

2009-02-04 19:23:52 ----A---- C:\ComboFix.txt

2009-02-04 19:10:07 ----A---- C:\Boot.bak

2009-02-04 19:09:52 ----RASHD---- C:\cmdcons

2009-02-04 18:59:39 ----A---- C:\WINDOWS\zip.exe

2009-02-04 18:59:39 ----A---- C:\WINDOWS\SWREG.exe

2009-02-04 18:59:38 ----A---- C:\WINDOWS\VFIND.exe

2009-02-04 18:59:38 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-02-04 18:59:38 ----A---- C:\WINDOWS\SWSC.exe

2009-02-04 18:59:38 ----A---- C:\WINDOWS\sed.exe

2009-02-04 18:59:38 ----A---- C:\WINDOWS\grep.exe

2009-02-04 18:59:38 ----A---- C:\WINDOWS\fdsv.exe

2009-02-04 18:59:30 ----D---- C:\Qoobox

2009-02-04 14:38:21 ----A---- C:\WINDOWS\system32\lsdelete.exe

2009-02-04 14:10:45 ----HDC---- C:\Documents and Settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-02-04 14:09:58 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2009-02-04 14:09:58 ----D---- C:\Arquivos de programas\Lavasoft

2009-02-04 13:55:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2009-02-04 13:55:25 ----D---- C:\Arquivos de programas\Avira

2009-02-03 09:55:17 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla

2009-01-31 16:59:20 ----D---- C:\Arquivos de programas\Tibia

 

======List of files/folders modified in the last 1 months======

 

2009-02-05 13:35:58 ----RD---- C:\Arquivos de programas

2009-02-05 13:35:55 ----D---- C:\WINDOWS\Prefetch

2009-02-04 23:55:54 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-04 19:49:35 ----D---- C:\WINDOWS

2009-02-04 19:24:00 ----D---- C:\WINDOWS\system32

2009-02-04 19:19:14 ----A---- C:\WINDOWS\system.ini

2009-02-04 19:14:40 ----D---- C:\WINDOWS\system32\drivers

2009-02-04 19:14:38 ----D---- C:\WINDOWS\AppPatch

2009-02-04 19:14:38 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-02-04 19:12:33 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-04 19:10:07 ----RASH---- C:\boot.ini

2009-02-04 18:54:50 ----D---- C:\WINDOWS\FLV Player

2009-02-04 14:12:27 ----SD---- C:\WINDOWS\Tasks

2009-02-04 14:11:58 ----HD---- C:\WINDOWS\inf

2009-02-04 14:11:25 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-02-04 14:10:45 ----SHD---- C:\WINDOWS\Installer

2009-02-04 14:09:46 ----D---- C:\WINDOWS\WinSxS

2009-02-03 20:36:46 ----D---- C:\Arquivos de programas\Shareaza

2009-02-03 20:21:33 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\LimeWire

2009-02-03 18:38:16 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-02-02 18:01:49 ----A---- C:\WINDOWS\NeroDigital.ini

2009-02-01 15:49:35 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\Tibia

2009-01-31 17:11:26 ----SD---- C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft

2009-01-30 23:22:11 ----D---- C:\Arquivos de programas\FirefoxPortable

2009-01-30 15:03:12 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\teamspeak2

2009-01-24 21:25:11 ----D---- C:\Arquivos de programas\Lurdes

2009-01-20 23:52:55 ----A---- C:\WINDOWS\win.ini

2009-01-20 16:58:54 ----D---- C:\Arquivos de programas\Google

2009-01-12 09:04:20 ----D---- C:\Arquivos de programas\TibiaBot NGNOVOO

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]

R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]

S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]

S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]

S3 PAC207;SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [1782-01-19 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S3 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-02-04 950096]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-09-05 86016]

S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]

S3 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

 

Info.txt

 

info.txt logfile of random's system information tool 1.05 2009-02-05 13:37:11

 

======Uninstall list======

 

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Ad-Aware-->"C:\Documents and Settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Documents and Settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe

Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

AnVir Task Manager Free-->"C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe" Uninstall

Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Atualização de Segurança para o Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização para Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Defraggler (remove only)-->"C:\Arquivos de programas\Defraggler\uninst.exe"

DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"

GetTube 2.4.5 - Download de áudio e vídeo-->"C:\Arquivos de programas\GetTube\unins000.exe"

Glary Utilities 2.6-->"C:\Arquivos de programas\Glary Utilities\unins000.exe"

GVOX Encore 32 v4.5-->C:\ARQUIV~1\GVOX\Encore\UNWISE.EXE C:\ARQUIV~1\GVOX\Encore\INSTALL.LOG

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Ink Monitor-->C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe -U

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

MV RegClean 4.0-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 4.0\unins000.exe"

Nero OEM-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Noiseware Community Edition-->MsiExec.exe /I{92CA58DD-4475-461C-828B-4A832B1EC080}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}

Nokia PC Suite-->C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_por_br_web.exe

Nokia PC Suite-->MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}

Pacote de Driver do Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf

Pacote de Driver do Windows - Nokia Modem (10/12/2007 3.6)-->C:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf

PC Connectivity Solution-->MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}

PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"

Samsung USB Driver-->"C:\Arquivos de programas\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly

Shareaza 2.4.0.0-->"C:\Arquivos de programas\Shareaza\Uninstall\unins000.exe"

Software para Impressoras EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

TeamSpeak 2 RC2-->"C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe"

Tibia-->"C:\Arquivos de programas\Tibia\unins000.exe"

TibiaBot NG 4.8.4-->"C:\Arquivos de programas\Lurdes\unins000.exe"

TibiaBR Cam Lite 1.8-->"C:\Arquivos de programas\TibiaBR Cam Lite\unins000.exe"

Uninstall 1.0.0.0-->"C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft\unins000.exe"

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

VisuAlg 2.0.0.12 (20/09/06)-->"C:\Arquivos de programas\Apoio\Visualg Versão 2\unins000.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Media Format Runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

 

Hosts File Missing

======Security center information======

 

AV: Avira AntiVir PersonalEdition (outdated)

FW: COMODO Firewall Pro (disabled)

 

System event log

 

Computer Name: USUARIO-HOME

Event Code: 6006

Message: O serviço Log de eventos foi finalizado.

 

Record Number: 8007

Source Name: EventLog

Time Written: 20081226013154.000000-120

Event Type: Informações

User:

 

Computer Name: USUARIO-HOME

Event Code: 7901

Message: O comando At2.job falhou ao iniciar devido ao seguinte erro:

%%2147942402

 

Record Number: 8006

Source Name: Schedule

Time Written: 20081226010001.000000-120

Event Type: Erro

User:

 

Computer Name: USUARIO-HOME

Event Code: 7036

Message: O serviço Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader entrou no estado executando.

 

Record Number: 8005

Source Name: Service Control Manager

Time Written: 20081226000957.000000-120

Event Type: Informações

User:

 

Computer Name: USUARIO-HOME

Event Code: 7035

Message: O serviço Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader recebeu com êxito um controle Iniciar.

 

Record Number: 8004

Source Name: Service Control Manager

Time Written: 20081226000957.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: USUARIO-HOME

Event Code: 7901

Message: O comando At1.job falhou ao iniciar devido ao seguinte erro:

%%2147942402

 

Record Number: 8003

Source Name: Schedule

Time Written: 20081226000000.000000-120

Event Type: Erro

User:

 

Application event log

 

Computer Name: USUARIO-HOME

Event Code: 12001

Message: The Messenger Sharing USN Journal Reader service started successfully.

 

Record Number: 1440

Source Name: usnjsvc

Time Written: 20081220145322.000000-120

Event Type:

User:

 

Computer Name: USUARIO-HOME

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

 

Record Number: 1439

Source Name: SecurityCenter

Time Written: 20081220145141.000000-120

Event Type: Informações

User:

 

Computer Name: USUARIO-HOME

Event Code: 105

Message: The service was started.

 

Record Number: 1438

Source Name: STI Simulator

Time Written: 20081220145133.000000-120

Event Type: Informações

User:

 

Computer Name: USUARIO-HOME

Event Code: 302

Message: msnmsgr (408) \\.\C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Messenger\digox_@hotmail.com\SharingMetadata\Working\database_6CF0_4D18_F04C_EA42\dfsr.db: O mecanismo de banco de dados concluiu com êxito as etapas de recuperação.

 

Record Number: 1437

Source Name: ESENT

Time Written: 20081220032019.000000-120

Event Type: Informações

User:

 

Computer Name: USUARIO-HOME

Event Code: 301

Message: msnmsgr (408) \\.\C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Messenger\digox_@hotmail.com\SharingMetadata\Working\database_6CF0_4D18_F04C_EA42\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Messenger\digox_@hotmail.com\SharingMetadata\Working\database_6CF0_4D18_F04C_EA42\fsr.log.

 

Record Number: 1436

Source Name: ESENT

Time Written: 20081220032018.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\PC Connectivity Solution;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0801

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

[DigRam 144]

Boa Noite! Ricardolima11

 

<@> Baixe: < LopS&D >

<@> Salve-o no Disco Local-C!

<@> Instale o programa e clique em: LopSD.cmd

<@> Na janela que abrir,aperte o "p" --> Aperte Enter.

<@> Em outra janela,aperte a opção 2 --> Aperte Enter --> Aguarde!

<@> Terminando,salve e poste o relatório. ( C:\Lop SD\LopR_1.txt )

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[Ricardolima11 0]

Boa noite!

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Sempron 2200+ )

BIOS : Phoenix - Award BIOS v6.00PG

USER : Usuario ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

Firewall : COMODO Firewall Pro 2.3.035 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:9 Go (Free:0 Go)

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( qui 05/02/2009|23:29 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[08/01/2007|13:19] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

 

[04/02/2009|14:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\{83C91755-2546-441D-AC40-9A6B4B860800}

[27/12/2007|19:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[24/06/2007|12:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg7

[04/02/2009|13:55] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira

[26/09/2007|16:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Comodo

[08/01/2007|13:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[25/07/2008|17:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ESET

[18/09/2007|14:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Grisoft

[27/12/2007|22:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations

[27/12/2007|19:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield

[04/02/2009|14:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft

[13/08/2007|18:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[25/10/2008|13:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[27/12/2007|22:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Suite

[05/10/2007|13:09] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[03/02/2009|18:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[27/01/2008|12:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ulead Systems

[08/01/2007|18:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[08/01/2007|19:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Live Toolbar

[17/06/2007|18:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WindowsLiveInstaller

[04/12/2008|16:15] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

 

[08/01/2007|13:19] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[19/04/2007|12:10] C:\DOCUME~1\LOCALS~1\DADOSD~1\AVG7

[24/06/2007|12:40] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[24/06/2007|12:40] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

 

[13/09/2008|17:11] C:\DOCUME~1\Usuario\DADOSD~1\Adobe

[27/12/2007|19:25] C:\DOCUME~1\Usuario\DADOSD~1\AdobeAUM

[27/12/2007|19:25] C:\DOCUME~1\Usuario\DADOSD~1\AdobeUM

[30/01/2008|12:51] C:\DOCUME~1\Usuario\DADOSD~1\Any Video Converter

[17/01/2007|18:24] C:\DOCUME~1\Usuario\DADOSD~1\ArcSoft

[07/05/2008|23:45] C:\DOCUME~1\Usuario\DADOSD~1\Cyberlink

[23/07/2008|22:07] C:\DOCUME~1\Usuario\DADOSD~1\GlarySoft

[08/11/2008|23:19] C:\DOCUME~1\Usuario\DADOSD~1\GNU Solfege

[06/02/2007|16:54] C:\DOCUME~1\Usuario\DADOSD~1\Help

[08/01/2007|13:27] C:\DOCUME~1\Usuario\DADOSD~1\Identities

[08/01/2007|13:45] C:\DOCUME~1\Usuario\DADOSD~1\InterTrust

[26/09/2007|14:32] C:\DOCUME~1\Usuario\DADOSD~1\Lavasoft

[28/12/2007|01:29] C:\DOCUME~1\Usuario\DADOSD~1\Leadertech

[03/02/2009|20:21] C:\DOCUME~1\Usuario\DADOSD~1\LimeWire

[01/03/2007|16:39] C:\DOCUME~1\Usuario\DADOSD~1\Macromedia

[31/01/2009|17:11] C:\DOCUME~1\Usuario\DADOSD~1\Microsoft

[03/02/2009|22:29] C:\DOCUME~1\Usuario\DADOSD~1\Mozilla

[27/01/2008|12:55] C:\DOCUME~1\Usuario\DADOSD~1\Nokia

[08/01/2008|13:26] C:\DOCUME~1\Usuario\DADOSD~1\Nokia Multimedia Player

[27/12/2007|22:24] C:\DOCUME~1\Usuario\DADOSD~1\PC Suite

[13/05/2007|12:52] C:\DOCUME~1\Usuario\DADOSD~1\Screenshot Sender

[08/01/2007|22:23] C:\DOCUME~1\Usuario\DADOSD~1\Sun

[30/01/2009|15:03] C:\DOCUME~1\Usuario\DADOSD~1\teamspeak2

[05/02/2009|18:48] C:\DOCUME~1\Usuario\DADOSD~1\Tibia

[27/12/2007|19:52] C:\DOCUME~1\Usuario\DADOSD~1\Ulead Systems

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[04/02/2009 14:12][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[05/02/2009 13:31][--a------] C:\WINDOWS\tasks\GlaryInitialize.job

[05/02/2009 23:00][--a------] C:\WINDOWS\tasks\At24.job

[05/02/2009 22:00][--a------] C:\WINDOWS\tasks\At23.job

[05/02/2009 21:00][--a------] C:\WINDOWS\tasks\At22.job

[05/02/2009 20:00][--a------] C:\WINDOWS\tasks\At21.job

[05/02/2009 19:00][--a------] C:\WINDOWS\tasks\At20.job

[05/02/2009 18:00][--a------] C:\WINDOWS\tasks\At19.job

[05/02/2009 16:00][--a------] C:\WINDOWS\tasks\At17.job

[05/02/2009 17:00][--a------] C:\WINDOWS\tasks\At18.job

[05/02/2009 15:00][--a------] C:\WINDOWS\tasks\At16.job

[05/02/2009 14:00][--a------] C:\WINDOWS\tasks\At15.job

[03/02/2009 13:00][--a------] C:\WINDOWS\tasks\At14.job

[03/02/2009 12:00][--a------] C:\WINDOWS\tasks\At13.job

[03/02/2009 11:00][--a------] C:\WINDOWS\tasks\At12.job

[03/02/2009 10:00][--a------] C:\WINDOWS\tasks\At11.job

[12/01/2009 09:00][--a------] C:\WINDOWS\tasks\At10.job

[06/02/2008 18:50][--a------] C:\WINDOWS\tasks\At8.job

[08/01/2009 08:00][--a------] C:\WINDOWS\tasks\At9.job

[06/02/2008 18:50][--a------] C:\WINDOWS\tasks\At6.job

[06/02/2008 18:50][--a------] C:\WINDOWS\tasks\At7.job

[20/12/2008 04:00][--a------] C:\WINDOWS\tasks\At5.job

[26/01/2009 02:00][--a------] C:\WINDOWS\tasks\At3.job

[26/01/2009 03:00][--a------] C:\WINDOWS\tasks\At4.job

[31/01/2009 01:00][--a------] C:\WINDOWS\tasks\At2.job

[04/02/2009 00:00][--a------] C:\WINDOWS\tasks\At1.job

[05/02/2009 13:31][--ah-----] C:\WINDOWS\tasks\SA.DAT

[19/01/1782 01:14][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[27/12/2007|19:23] C:\Arquivos de programas\Adobe

[02/04/2008|00:20] C:\Arquivos de programas\Ahead

[04/02/2009|19:46] C:\Arquivos de programas\AnVir Task Manager Free

[16/04/2008|15:08] C:\Arquivos de programas\Apoio

[17/01/2007|18:22] C:\Arquivos de programas\ArcSoft

[04/02/2009|19:14] C:\Arquivos de programas\Arquivos comuns

[04/02/2009|13:55] C:\Arquivos de programas\Avira

[26/09/2007|15:44] C:\Arquivos de programas\CCleaner

[08/01/2007|13:13] C:\Arquivos de programas\ComPlus Applications

[08/01/2007|13:38] C:\Arquivos de programas\CyberLink

[08/01/2007|13:38] C:\Arquivos de programas\CyberLink DVD Solution

[22/07/2008|00:10] C:\Arquivos de programas\Defraggler

[27/12/2007|22:18] C:\Arquivos de programas\DIFX

[31/05/2007|19:19] C:\Arquivos de programas\dscdisk

[02/10/2008|11:51] C:\Arquivos de programas\epson

[30/01/2009|23:22] C:\Arquivos de programas\FirefoxPortable

[26/08/2008|11:38] C:\Arquivos de programas\GetTube

[23/07/2008|21:51] C:\Arquivos de programas\Glary Utilities

[20/01/2009|16:58] C:\Arquivos de programas\Google

[08/11/2008|22:35] C:\Arquivos de programas\GVOX

[15/12/2008|17:17] C:\Arquivos de programas\InstallShield Installation Information

[05/10/2008|13:40] C:\Arquivos de programas\Internet Explorer

[29/10/2007|15:22] C:\Arquivos de programas\Java

[04/02/2009|14:09] C:\Arquivos de programas\Lavasoft

[24/01/2009|21:25] C:\Arquivos de programas\Lurdes

[01/03/2007|15:47] C:\Arquivos de programas\Macromedia

[18/06/2007|00:52] C:\Arquivos de programas\Marcos Velasco Security

[05/10/2008|13:46] C:\Arquivos de programas\Messenger

[31/08/2008|13:26] C:\Arquivos de programas\Messenger Plus! Live

[17/06/2007|18:46] C:\Arquivos de programas\MessengerDiscovery

[08/01/2007|13:20] C:\Arquivos de programas\microsoft frontpage

[08/01/2007|17:52] C:\Arquivos de programas\Microsoft Office

[08/01/2007|13:15] C:\Arquivos de programas\Movie Maker

[08/01/2007|13:12] C:\Arquivos de programas\MSN Gaming Zone

[05/10/2008|13:34] C:\Arquivos de programas\MSXML 4.0

[08/01/2007|13:15] C:\Arquivos de programas\NetMeeting

[31/01/2008|14:40] C:\Arquivos de programas\Noiseware Community Edition

[27/12/2007|22:14] C:\Arquivos de programas\Nokia

[11/12/2007|16:03] C:\Arquivos de programas\OTSERV

[08/01/2007|18:13] C:\Arquivos de programas\Outlook Express

[17/01/2007|19:01] C:\Arquivos de programas\PC Camer@

[27/12/2007|22:12] C:\Arquivos de programas\PC Connectivity Solution

[22/03/2008|21:29] C:\Arquivos de programas\PhotoFiltre

[20/05/2008|18:03] C:\Arquivos de programas\Scpad

[08/01/2007|13:16] C:\Arquivos de programas\Serviços on-line

[03/02/2009|20:36] C:\Arquivos de programas\Shareaza

[06/12/2007|12:16] C:\Arquivos de programas\Teamspeak2_RC2

[31/01/2009|17:05] C:\Arquivos de programas\Tibia

[12/01/2009|09:04] C:\Arquivos de programas\TibiaBot NGNOVOO

[12/12/2008|17:15] C:\Arquivos de programas\TibiaBR Cam Lite

[05/02/2009|13:37] C:\Arquivos de programas\trend micro

[27/12/2007|19:44] C:\Arquivos de programas\Ulead Systems

[08/01/2007|13:27] C:\Arquivos de programas\Uninstall Information

[17/06/2007|18:01] C:\Arquivos de programas\Windows Live

[03/06/2007|20:08] C:\Arquivos de programas\Windows Live Safety Center

[08/01/2007|19:36] C:\Arquivos de programas\Windows Live Toolbar

[06/02/2008|23:07] C:\Arquivos de programas\Windows Media Player

[08/01/2007|13:12] C:\Arquivos de programas\Windows NT

[08/01/2007|13:16] C:\Arquivos de programas\WindowsUpdate

[02/11/2008|12:55] C:\Arquivos de programas\WinRAR

[08/01/2007|13:20] C:\Arquivos de programas\xerox

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[10/01/2007|11:12] C:\Arquivos de programas\Arquivos comuns\Adobe

[08/01/2007|13:38] C:\Arquivos de programas\Arquivos comuns\Ahead

[08/01/2007|17:52] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[12/03/2008|21:36] C:\Arquivos de programas\Arquivos comuns\DVDVIDEOSOFT

[09/03/2008|23:07] C:\Arquivos de programas\Arquivos comuns\InstallShield

[02/02/2007|15:23] C:\Arquivos de programas\Arquivos comuns\Java

[01/03/2007|15:45] C:\Arquivos de programas\Arquivos comuns\Macromedia

[31/05/2007|19:22] C:\Arquivos de programas\Arquivos comuns\MGI Shared

[23/03/2008|15:54] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[08/01/2007|13:15] C:\Arquivos de programas\Arquivos comuns\MSSoap

[27/12/2007|22:15] C:\Arquivos de programas\Arquivos comuns\Nokia

[08/01/2007|10:56] C:\Arquivos de programas\Arquivos comuns\ODBC

[17/01/2007|19:01] C:\Arquivos de programas\Arquivos comuns\PCCamera

[27/12/2007|22:15] C:\Arquivos de programas\Arquivos comuns\PCSuite

[08/01/2007|13:15] C:\Arquivos de programas\Arquivos comuns\Serviços

[08/01/2007|10:56] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[08/01/2007|18:13] C:\Arquivos de programas\Arquivos comuns\System

[27/01/2008|12:36] C:\Arquivos de programas\Arquivos comuns\Ulead Systems

[04/12/2008|16:26] C:\Arquivos de programas\Arquivos comuns\Windows Live

[25/07/2008|21:49] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

--------------------\\ Process

 

( 23 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-05 23:31:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 27

 

--------------------\\ Procurando por outras infecções

 

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

 

 

 

[F:38][D:1]-> C:\DOCUME~1\Usuario\CONFIG~1\Temp

[F:103][D:0]-> C:\DOCUME~1\Usuario\Cookies

[F:13196][D:21]-> C:\DOCUME~1\Usuario\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - qui 05/02/2009|23:34 - Option : [2]

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:39:01, on 5/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

[DigRam 144]

Bom Dia! Ricardolima11

 

<@> Baixe: < ComboFix.exe > ( ...by sUBs )

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

---------------------------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[Ricardolima11 0]

ComboFix 09-02-05.02 - Usuario 2009-02-06 11:50:00.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.255.83 [GMT -2:00]

Executando de: C:\ComboFix.exe

FW: COMODO Firewall Pro *disabled*

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-06 to 2009-02-06 ))))))))))))))))))))))))))))

.

 

2009-02-06 11:45 . 2009-02-06 11:45 2,913,680 -ra------ C:\ComboFix.exe

2009-02-05 23:28 . 2009-02-05 23:34 <DIR> d-------- C:\Lop SD

2009-02-05 23:28 . 2009-02-05 23:28 530,106 --a------ C:\LopSD.exe

2009-02-05 13:35 . 2009-02-05 13:37 <DIR> d-------- C:\rsit

2009-02-05 13:35 . 2009-02-05 13:37 <DIR> d-------- c:\arquivos de programas\trend micro

2009-02-05 13:35 . 2009-02-05 13:35 781,851 --a------ C:\RSIT.exe

2009-02-04 19:38 . 2009-02-04 19:38 400,192 --a------ C:\Silent Runners.vbs

2009-02-04 19:35 . 2009-02-04 19:35 <DIR> d-------- C:\LinhaDefensiva

2009-02-04 19:34 . 2009-02-04 19:34 178,597 --a------ C:\bankerfix.exe

2009-02-04 14:38 . 2009-02-04 14:30 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-02-04 14:11 . 2009-01-18 19:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-02-04 14:10 . 2009-02-04 14:10 <DIR> d--h-c--- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-02-04 14:09 . 2009-02-04 14:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-02-04 14:09 . 2009-02-04 14:09 <DIR> d-------- c:\arquivos de programas\Lavasoft

2009-02-04 13:55 . 2009-02-04 13:55 <DIR> d-------- c:\arquivos de programas\Avira

2009-01-31 16:59 . 2009-01-31 17:05 <DIR> d-------- c:\arquivos de programas\Tibia

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-05 20:48 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Tibia

2009-02-03 22:36 --------- d-----w c:\arquivos de programas\Shareaza

2009-02-03 22:21 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\LimeWire

2009-02-03 20:38 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-31 01:22 --------- d-----w c:\arquivos de programas\FirefoxPortable

2009-01-30 17:03 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\teamspeak2

2009-01-24 23:25 --------- d-----w c:\arquivos de programas\Lurdes

2009-01-20 18:58 --------- d-----w c:\arquivos de programas\Google

2009-01-12 11:04 --------- d-----w c:\arquivos de programas\TibiaBot NGNOVOO

2008-12-26 01:50 304,160 ----a-w C:\StiImg.dat

2008-12-15 19:17 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-12 19:15 --------- d-----w c:\arquivos de programas\TibiaBR Cam Lite

2004-03-11 16:27 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-04-08 162176]

 

--- ---

 

*Deregistered* - avgio

*Deregistered* - avipbb

*Deregistered* - ssmdrv

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-02-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 14:29]

 

2009-02-06 c:\windows\Tasks\At1.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-12 c:\windows\Tasks\At10.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-03 c:\windows\Tasks\At11.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-03 c:\windows\Tasks\At12.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-03 c:\windows\Tasks\At13.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-03 c:\windows\Tasks\At14.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At15.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At16.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At17.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At18.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At19.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At2.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At20.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At21.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At22.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At23.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At24.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-26 c:\windows\Tasks\At3.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-26 c:\windows\Tasks\At4.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-12-20 c:\windows\Tasks\At5.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-02-06 c:\windows\Tasks\At6.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-02-06 c:\windows\Tasks\At7.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-02-06 c:\windows\Tasks\At8.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-08 c:\windows\Tasks\At9.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2008-07-18 12:08]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Connection Wizard,ShellNext = iexplore

IE: Add to AMV Convert Tool...

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 11:53:12

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-02-06 11:59:22

ComboFix-quarantined-files.txt 2009-02-06 13:59:09

ComboFix2.txt 2009-02-04 21:23:52

 

Pré-execução: 341.995.520 bytes disponíveis

Pós execução: 347,078,656 bytes disponíveis

 

154 --- E O F --- 2008-10-05 15:47:39

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:06:21, on 6/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

[DigRam 144]

Boa Tarde! Ricardolima11

 

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[Ricardolima11 0]

ComboFix 09-02-05.04 - Usuario 2009-02-06 13:46:25.10 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.255.97 [GMT -2:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: C:\CFScript.txt

FW: COMODO Firewall Pro *disabled*

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-06 to 2009-02-06 ))))))))))))))))))))))))))))

.

 

2009-02-06 11:45 . 2009-02-06 13:43 2,913,729 -ra------ C:\ComboFix.exe

2009-02-05 23:28 . 2009-02-05 23:34 <DIR> d-------- C:\Lop SD

2009-02-05 23:28 . 2009-02-05 23:28 530,106 --a------ C:\LopSD.exe

2009-02-05 13:35 . 2009-02-05 13:37 <DIR> d-------- C:\rsit

2009-02-05 13:35 . 2009-02-05 13:37 <DIR> d-------- c:\arquivos de programas\trend micro

2009-02-05 13:35 . 2009-02-05 13:35 781,851 --a------ C:\RSIT.exe

2009-02-04 19:38 . 2009-02-04 19:38 400,192 --a------ C:\Silent Runners.vbs

2009-02-04 19:35 . 2009-02-04 19:35 <DIR> d-------- C:\LinhaDefensiva

2009-02-04 19:34 . 2009-02-04 19:34 178,597 --a------ C:\bankerfix.exe

2009-02-04 14:38 . 2009-02-04 14:30 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-02-04 14:11 . 2009-01-18 19:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-02-04 14:10 . 2009-02-04 14:10 <DIR> d--h-c--- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-02-04 14:09 . 2009-02-04 14:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-02-04 14:09 . 2009-02-04 14:09 <DIR> d-------- c:\arquivos de programas\Lavasoft

2009-01-31 16:59 . 2009-01-31 17:05 <DIR> d-------- c:\arquivos de programas\Tibia

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-05 20:48 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Tibia

2009-02-03 22:36 --------- d-----w c:\arquivos de programas\Shareaza

2009-02-03 22:21 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\LimeWire

2009-02-03 20:38 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-31 01:22 --------- d-----w c:\arquivos de programas\FirefoxPortable

2009-01-30 17:03 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\teamspeak2

2009-01-24 23:25 --------- d-----w c:\arquivos de programas\Lurdes

2009-01-20 18:58 --------- d-----w c:\arquivos de programas\Google

2009-01-12 11:04 --------- d-----w c:\arquivos de programas\TibiaBot NGNOVOO

2008-12-26 01:50 304,160 ----a-w C:\StiImg.dat

2008-12-15 19:17 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-12 19:15 --------- d-----w c:\arquivos de programas\TibiaBR Cam Lite

2004-03-11 16:27 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-04-08 162176]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-02-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 14:29]

 

2009-02-06 c:\windows\Tasks\At1.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-12 c:\windows\Tasks\At10.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-03 c:\windows\Tasks\At11.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-03 c:\windows\Tasks\At12.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At13.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At14.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At15.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At16.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At17.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At18.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At19.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At2.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At20.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At21.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-05 c:\windows\Tasks\At22.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At23.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\At24.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-26 c:\windows\Tasks\At3.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-26 c:\windows\Tasks\At4.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-12-20 c:\windows\Tasks\At5.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-02-06 c:\windows\Tasks\At6.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-02-06 c:\windows\Tasks\At7.job

- c:\windows\system32\2owIsBqn.exe []

 

2008-02-06 c:\windows\Tasks\At8.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-01-08 c:\windows\Tasks\At9.job

- c:\windows\system32\2owIsBqn.exe []

 

2009-02-06 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2008-07-18 12:08]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Connection Wizard,ShellNext = iexplore

IE: Add to AMV Convert Tool...

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 13:49:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(652)

c:\windows\system32\CLBCATQ.DLL

.

Tempo para conclusão: 2009-02-06 13:54:39

ComboFix-quarantined-files.txt 2009-02-06 15:54:24

ComboFix2.txt 2009-02-06 13:59:23

ComboFix3.txt 2009-02-04 21:23:52

 

Pré-execução: 465,285,120 bytes disponíveis

Pós execução: 459,358,208 bytes disponíveis

 

155 --- E O F --- 2008-10-05 15:47:39

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:08:34, on 6/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

[DigRam 144]

Boa Tarde! Ricardolima11

 

<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK.

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.

<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!

-------------------------------------

<@> Baixe: < OTMoveIt3 >

<@> Salve-o no desktop e,execute-o aí mesmo!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Files

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copie e cole estas informações,entre os XXXXX...,para o campo ( clipboard ),da ferramenta.

<@> Ps: Área abaixo de "Paste Instructions for Items to be Moved".

<@> Clique em MoveIt.

<@> Na solicitação de reboot,confirme!

<@> Terminando,verifique o conteúdo texto da pasta: C:\_OTMoveIt\MovedFiles

<@> Copie e poste,seu relatório mais recente: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> Ps: Como a ferramenta não sobreescreve seus relatórios,há que observar o que foi gerado após sua execução.

 

Abraços!

[Ricardolima11 0]

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

c:\windows\Tasks\At1.job moved successfully.

c:\windows\Tasks\At10.job moved successfully.

c:\windows\Tasks\At11.job moved successfully.

c:\windows\Tasks\At12.job moved successfully.

c:\windows\Tasks\At13.job moved successfully.

c:\windows\Tasks\At14.job moved successfully.

c:\windows\Tasks\At15.job moved successfully.

c:\windows\Tasks\At16.job moved successfully.

c:\windows\Tasks\At17.job moved successfully.

c:\windows\Tasks\At18.job moved successfully.

c:\windows\Tasks\At19.job moved successfully.

c:\windows\Tasks\At2.job moved successfully.

c:\windows\Tasks\At20.job moved successfully.

c:\windows\Tasks\At21.job moved successfully.

c:\windows\Tasks\At22.job moved successfully.

c:\windows\Tasks\At23.job moved successfully.

c:\windows\Tasks\At24.job moved successfully.

c:\windows\Tasks\At3.job moved successfully.

c:\windows\Tasks\At4.job moved successfully.

c:\windows\Tasks\At5.job moved successfully.

c:\windows\Tasks\At6.job moved successfully.

c:\windows\Tasks\At7.job moved successfully.

c:\windows\Tasks\At8.job moved successfully.

c:\windows\Tasks\At9.job moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_161955

[DigRam 144]

Boa Noite! Ricardolima11

 

<!> Abra o OTMoveIt3 --> Clique em CleanUp --> Aguarde a finalização!

--------------------------------

<!> Estando tudo Ok,crie um ponto limpo de Restauração do Sistema.

<!> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema.

<!> Marque: Desativar Restauração do Sistema --> Aplicar --> Ok.

<!> Depois,desmarque novamente! --> Aplicar --> Ok.

<!> Para maiores detalhes,vá em: < Docs >

--------------------------------

<!> O log está limpo! :thumbsup:

<!> Tudo Ok?

 

Abraços!

[Ricardolima11 0]

Muito obrigado DigRam, mais uma vez um trabalho rápido e eficiente. Abs!

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.