vitotiBM (Posted April 17, 2009)

Well folks, first I'd like to congratulate all the moderators, administrators and users for their work, not only in this section but across the whole forum. I actually have two big problems: one is the "Update Manager" window asking me to insert its CD, and I read on the forum that other people have had the same problem; the other is a popup window that keeps opening all the time with Mercado Livre, IQ tests, etc. This is already causing me trouble, because it has been appearing ever since I installed the NitroPc program; it was right after I ran its tests. I did that on the recommendation of a technician friend, but I'm no longer in touch with him, so I've come to you for help... Now I can no longer do some things such as copy and paste, the PC shuts down by itself, the fonts in programs change... The antivirus didn't detect anything... Following the guidance, I ran HijackThis; if you could lend a hand... Thanks in advance!!!

VictorBruno

MGuitar (Posted April 17, 2009)

Hello, welcome to the forum!

- Download Lop S&D and save it to your desktop;
● To install it, on the first screen choose the option "Je suis d'accord avec..." and click Suivant, then Quitter.
● The Lop S&D icon will appear on your desktop. Click it.
● Double-click Lop S&D. In the window that opens, press the P key and then Enter;
● On the next screen, press the number 2 and then Enter;
● Your screen will flicker. This is normal. Wait until a report is generated.

Post that log here, together with a new HijackThis log.

vitotiBM (Posted April 17, 2009)

Hi MGuitar, thanks for your attention... I did what you said here... Apparently everything went fine... no error messages or anything... But the problem continues; is that how it's supposed to be????? The logs follow:

MGuitar (Posted April 18, 2009)

Hello.

Delete the folder C:\Lop SD.

- Download RSIT and save it to your desktop;
● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so the tool starts running;
● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the contents of that log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.

vitotiBM (Posted April 18, 2009)

Man, once again thanks for your attention... I did what you asked... The logs are below.
Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RAM Idle Professional"=C:\Arquivos de programas\RAM Idle LE\RAM_XP.exe [2006-01-17 135168] "ISUSPM Startup"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856] "ISUSScheduler"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [2005-08-11 81920] "VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-05 707360] "QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-05-27 413696] "AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-02-02 1601304] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] "Glary Memory Optimizer"=C:\Arquivos de programas\Glary Utilities\memdefrag.exe [2008-03-05 92160] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3DBoxShot] C:\ARQUIV~1\3DBOXS~1\3DBoxShot.exe [2006-09-29 479232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe [2006-06-01 536576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey] C:\WINDOWS\MHOTKEY.exe [2003-06-02 472576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Arquivos de programas\HP\HP Software 
Update\HPWuSchd2.exe [2005-05-11 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe [2008-06-02 190024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\ARQUIV~1\WINDOW~4\MESSEN~1\msnmsgr.exe [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe [2006-04-04 737369] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000] C:\WINDOWS\vVX3000.exe [2006-12-05 707360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^victor bruno^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk] C:\ARQUIV~1\ARQUIV~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-02-02 10520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Arquivos de programas\DreaMule\emule.exe"="C:\Arquivos de programas\DreaMule\emule.exe:*:Enabled:Dreamule" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft" "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e88436-9f7c-11dd-bf85-000d87bab17a}] shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdb69761-414b-11dd-be53-00184dd65dc6}] shell\AutoRun\command - fooool.exe shell\explore\command - fooool.exe shell\open\command - fooool.exe ======File associations====== .js - open - "C:\Arquivos de 
programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" ======List of files/folders created in the last 1 months====== 2009-04-18 02:49:35 ----D---- C:\rsit 2009-04-17 01:48:44 ----D---- C:\Hi 2009-04-16 18:39:34 ----D---- C:\Arquivos de programas\Microsoft Office Outlook Connector 2009-04-08 13:13:12 ----A---- C:\Documento recuperado.txt 2009-04-05 01:29:34 ----D---- C:\Documents and Settings\victor bruno\Dados de aplicativos\Opera 2009-04-02 11:13:58 ----A---- C:\WINDOWS\hpdj3740.ini 2009-03-27 17:07:34 ----D---- C:\Arquivos de programas\Arquivos comuns\SWF Studio 2009-03-26 19:31:07 ----D---- C:\Arquivos de programas\Microsoft 2009-03-26 19:30:20 ----D---- C:\Arquivos de programas\Windows Live SkyDrive 2009-03-26 19:20:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live 2009-03-26 01:24:02 ----D---- C:\Documents and Settings\victor bruno\Dados de aplicativos\Mozilla 2009-03-26 01:23:44 ----D---- C:\Arquivos de programas\Mozilla Firefox 2009-03-25 22:22:25 ----D---- C:\Arquivos de programas\MSECache 2009-03-24 12:22:38 ----A---- C:\WINDOWS\system32\lfpng13n.dll ======List of files/folders modified in the last 1 months====== 2009-04-18 03:05:35 ----D---- C:\WINDOWS\system32\drivers 2009-04-18 03:05:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-04-18 01:38:04 ----D---- C:\WINDOWS\Temp 2009-04-18 01:37:59 ----HD---- C:\WINDOWS\inf 2009-04-18 01:37:59 ----D---- C:\WINDOWS 2009-04-18 01:37:52 ----D---- C:\WINDOWS\system32\CatRoot2 2009-04-18 01:36:33 ----RD---- C:\Arquivos de programas 2009-04-18 00:40:16 ----D---- C:\Arquivos de programas\Arquivos comuns 2009-04-18 00:40:10 ----SHD---- C:\WINDOWS\Installer 2009-04-18 00:40:10 ----HD---- C:\Config.Msi 2009-04-18 00:40:07 ----D---- C:\WINDOWS\system32 2009-04-17 15:25:44 ----D---- C:\WINDOWS\Debug 2009-04-17 15:25:42 ----D---- C:\WINDOWS\Minidump 2009-04-17 13:34:03 ----SD---- C:\WINDOWS\Tasks 2009-04-16 18:39:36 ----D---- C:\Arquivos de programas\Arquivos comuns\System 2009-04-16 18:24:13 ----RSHDC---- 
C:\WINDOWS\system32\dllcache 2009-04-16 17:15:53 ----D---- C:\WINDOWS\Prefetch 2009-04-16 17:04:54 ----D---- C:\WINDOWS\system32\wbem 2009-04-16 17:04:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-16 16:54:37 ----D---- C:\Arquivos de programas\Internet Explorer 2009-04-16 16:54:36 ----D---- C:\WINDOWS\AppPatch 2009-04-16 16:46:00 ----D---- C:\WINDOWS\system32\pt-br 2009-04-16 16:43:54 ----HD---- C:\WINDOWS\$hf_mig$ 2009-04-16 16:41:12 ----N---- C:\WINDOWS\win.ini 2009-04-16 16:29:32 ----D---- C:\WINDOWS\system32\CatRoot 2009-04-16 15:41:59 ----D---- C:\WINDOWS\SoftwareDistribution 2009-04-16 13:50:05 ----A---- C:\WINDOWS\DUMP595b.tmp 2009-04-16 13:03:19 ----A---- C:\WINDOWS\DUMP6bd9.tmp 2009-04-16 12:44:06 ----A---- C:\WINDOWS\DUMP74a3.tmp 2009-04-15 22:49:38 ----A---- C:\WINDOWS\DUMP71e4.tmp 2009-04-13 16:13:58 ----HD---- C:\$AVG8.VAULT$ 2009-04-10 19:42:49 ----D---- C:\Arquivos de programas\DreaMule 2009-04-10 02:08:14 ----D---- C:\Arquivos de programas\Clevo 2009-04-06 21:27:47 ----D---- C:\Documents and Settings\victor bruno\Dados de aplicativos\Image Zone Express 2009-04-06 11:57:24 ----A---- C:\WINDOWS\system32\MRT.exe 2009-04-02 11:16:39 ----D---- C:\WINDOWS\twain_32 2009-03-31 10:40:10 ----D---- C:\Arquivos de programas\Messenger Plus! 
Live 2009-03-27 20:53:59 ----D---- C:\tmp 2009-03-26 19:36:40 ----D---- C:\Arquivos de programas\Windows Live 2009-03-26 19:32:50 ----D---- C:\WINDOWS\WinSxS 2009-03-26 19:30:43 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft 2009-03-26 19:30:42 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared 2009-03-26 19:29:31 ----RSD---- C:\WINDOWS\Fonts 2009-03-26 15:46:44 ----D---- C:\Arquivos de programas\Microsoft Office 2009-03-24 12:22:32 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-21 11:08:53 ----A---- C:\WINDOWS\system32\kernel32.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-02 27656] R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-02 107272] R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-02 17801] R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232] R3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-03 166912] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-03-23 922148] R3 SynTP;Synaptics TouchPad Driver; 
C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-04 191168] R3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-04-13 204160] R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-05 1964064] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS [] S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2004-07-23 28857] S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 kvnet;Kerio Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\kvnet.sys [2009-03-23 29696] S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys [] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288] S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 
NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-13 15370] S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202] S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090] S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avg8emc;AVG8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2009-02-02 903960] R2 avg8wd;AVG8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-18 152984] R2 MSCamSvc;MSCamSvc; c:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960] S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe 
Systems Shared\Service\Adobelmsvc.exe [2008-06-09 72704] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-11 654848] S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] -----------------EOF----------------- Info.txt info.txt logfile of random's system information tool 1.06 2009-04-18 02:56:27 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Box Shot Maker - freeware v1.0-->C:\ARQUIV~1\3DBOXS~1\UNWISE.EXE C:\ARQUIV~1\3DBOXS~1\INSTALL.LOG Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Common 
File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash CS3 Professional-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9} Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 7.0 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A70000000000} Adobe Setup-->MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6} Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2} Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 
Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Alien Skin Eye Candy 5 Impact-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG Alien Skin Eye Candy 5 Nature-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG Alien Skin Eye Candy 5 Textures-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\INSTALL.LOG Alien Skin Snap Art-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\INSTALL.LOG Alien Skin Xenofex 2.0-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\INSTALL.LOG Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48} Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 
(KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" AVG Free 8.0-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL Blender (remove only)-->"C:\Arquivos de programas\Blender Foundation\Blender\uninstall.exe" BR-->MsiExec.exe /I{C57CD366-C6BE-45B5-B5C6-0424E506F1D0} CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} CorelDRAW Graphics Suite X3-->MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} DreaMule 3.2-->"C:\Arquivos de programas\DreaMule\unins000.exe" Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE} Glary Utilities 2.6-->"C:\Arquivos de programas\Glary Utilities\unins000.exe" HijackThis 2.0.2-->"C:\Documents and Settings\victor bruno\Meus documentos\My Completed Downloads\HijackThis.exe" /uninstall Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" HP Extended Capabilities 5.3-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} HP Imaging Device Functions 5.3-->C:\Arquivos de programas\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP PSC & OfficeJet 5.3.B-->"C:\Arquivos de programas\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.3-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Informações Velox-->"C:\Arquivos de programas\Velox\Misc\unins000.exe" Java 6 Update 11-->MsiExec.exe 
/X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} K-Lite Codec Pack 4.0.0 (Full)-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe" LightDialer 3.0-->"C:\Arquivos de programas\Velox\Discador\unins000.exe" LightModem 3.0-->"C:\Arquivos de programas\Velox\Modem\unins000.exe" Messenger Plus! 3-->"C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /Remove Messenger Plus! Live & Sponsor (CiD)-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft LifeCam-->MsiExec.exe /X{6C579DEB-2905-4331-9EF0-285A63B09062} Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0416-0000-0000000FF1CE} Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller Mozilla Firefox (3.0.8)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Multimedia Keyboard Driver Uninstall-->UninstIt.exe CNK001.ini MV RegClean 5.5-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 
5.5\unins000.exe" NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\Setup.exe" PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F} Qt Libs 4.4.1 for Yaf(a)ray-->"C:\WINDOWS\unins000.exe" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RAM Idle LE-->"C:\Arquivos de programas\RAM Idle LE\unins000.exe" Real Alternative 1.8.0-->"C:\Arquivos de programas\Real Alternative\unins000.exe" Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Siemens Subscriber Networks SpeedStream DSL-->C:\Arquivos de programas\Siemens Subscriber Networks\SpeedStream DSL\setup.exe -uninstall Synaptics Pointing Device Driver-->rundll32.exe "C:\Arquivos de programas\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA} VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880} VDownloader 0.75-->"C:\Arquivos de programas\VDOWNLOADER\unins000.exe" VIA Platform Device Manager-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18} Windows Live Mail-->MsiExec.exe /I{852E74A9-74F1-4F71-BE3E-991A48EF232D} Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401} Windows 
Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe Yaf(a)Ray 0.1.0 (r299)-->"C:\Arquivos de programas\YafaRay\unins000.exe" Yet Another Free RayTracer for Windows 0.0.9-->"C:\Arquivos de programas\YafRay\unins000.exe" ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: AVG Anti-Virus Free ======System event log====== Computer Name: VICTORBRUNO Event Code: 7036 Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado interrompido. Record Number: 47158 Source Name: Service Control Manager Time Written: 20090417164520.000000-180 Event Type: Informações User: Computer Name: VICTORBRUNO Event Code: 20035 Message: O Gerenciador de conexão de acesso remoto não pôde ser iniciado porque não conseguiu criar os buffers. Reinicie o computador. Acesso negado. Record Number: 47157 Source Name: Rasman Time Written: 20090417164519.000000-180 Event Type: Erro User: Computer Name: VICTORBRUNO Event Code: 7035 Message: O serviço Gerenciador de conexão de acesso remoto recebeu com êxito um controle Iniciar. Record Number: 47156 Source Name: Service Control Manager Time Written: 20090417164519.000000-180 Event Type: Informações User: VICTORBRUNO\victor bruno Computer Name: VICTORBRUNO Event Code: 7023 Message: O serviço Gerenciador de conexão de acesso remoto terminou com o erro: Acesso negado. 
Record Number: 47155 Source Name: Service Control Manager Time Written: 20090417164213.000000-180 Event Type: Erro User: Computer Name: VICTORBRUNO Event Code: 7036 Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado interrompido. Record Number: 47154 Source Name: Service Control Manager Time Written: 20090417164213.000000-180 Event Type: Informações User: =====Application event log===== Computer Name: VICTORBRUNO Event Code: 301 Message: msnmsgr (160) \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\fsr0076E.log. Record Number: 17103 Source Name: ESENT Time Written: 20090323223223.000000-180 Event Type: Informações User: Computer Name: VICTORBRUNO Event Code: 301 Message: msnmsgr (160) \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\fsr0076D.log. 
Record Number: 17102 Source Name: ESENT Time Written: 20090323223223.000000-180 Event Type: Informações User: Computer Name: VICTORBRUNO Event Code: 301 Message: msnmsgr (160) \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\fsr0076C.log. Record Number: 17101 Source Name: ESENT Time Written: 20090323223223.000000-180 Event Type: Informações User: Computer Name: VICTORBRUNO Event Code: 301 Message: msnmsgr (160) \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\fsr0076B.log. Record Number: 17100 Source Name: ESENT Time Written: 20090323223222.000000-180 Event Type: Informações User: Computer Name: VICTORBRUNO Event Code: 301 Message: msnmsgr (160) \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\victor bruno\Configurações locais\Dados de aplicativos\Microsoft\Messenger\toti_dg@hotmail.com\SharingMetadata\Working\database_280C_59B2_C59_7BAE\fsr0076A.log. 
Record Number: 17099 Source Name: ESENT Time Written: 20090323223222.000000-180 Event Type: Informações User: ======Environment variables====== "CLASSPATH"=.;C:\Arquivos de programas\Java\jre1.6.0_05\lib\ext\QTJava.zip "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\Arquivos comuns\Adobe\AGL;C:\Arquivos de programas\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel "PROCESSOR_LEVEL"=15 "PROCESSOR_REVISION"=0209 "QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0_05\lib\ext\QTJava.zip "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% -----------------EOF-----------------
MGuitar, posted April 19, 2009

Download ComboFix and save it to the desktop. But do not run it by double-clicking.

NOTE: If you have a USB flash drive, MP3 player, MP4 player or any other kind of removable media, please connect it to the PC.

Select and copy the content below and paste it into Notepad on the PC. Save it on the desktop as CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e88436-9f7c-11dd-bf85-000d87bab17a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdb69761-414b-11dd-be53-00184dd65dc6}]

DirLook::
C:\tmp

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

● If you are prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste the ComboFix.txt and a new HijackThis log.
vitotiBM, posted April 20, 2009

Man, thanks again for the attention... I ran ComboFix, but even with AVG disabled it reported it as active, but it ran... I didn't notice anything bad on the machine, on the contrary, I don't know if it's just in my head, but the PC seems faster and so does the internet :P but the problem still continues... is that how it's supposed to be? Here are the logs:

ComboFix 09-04-20.09 - victor bruno 20/04/2009 8:01.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.479.257 [GMT -3:00] Executando de: c:\documents and settings\victor bruno\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\victor bruno\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\pthreadVC.dll . (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))) . 2009-04-18 05:49 . 2009-04-18 05:56 -------- d-----w C:\rsit 2009-04-17 17:24 . 2009-04-17 17:24 -------- d-----w c:\documents and settings\victor bruno\Dados de aplicativos\Malwarebytes 2009-04-17 17:23 . 2009-04-17 17:23 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-04-17 04:48 . 2009-04-18 06:13 -------- d-----w C:\Hi 2009-04-16 19:31 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-16 19:31 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-16 19:31 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe 2009-04-16 19:31 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-16 19:31 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-16 19:31 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-16 19:31 .
2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-16 19:31 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-16 19:31 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-16 19:27 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-16 19:27 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-02 14:14 . 2009-04-02 14:16 5231 ----a-w c:\windows\hpdj3740.his 2009-04-02 14:13 . 2009-04-02 14:16 1120 ----a-w c:\windows\hpdj3740.ini 2009-03-26 22:40 . 2009-04-20 11:12 -------- d-----w c:\documents and settings\victor bruno\Tracing 2009-03-26 04:24 . 2009-03-26 04:24 0 ----a-w c:\windows\nsreg.dat 2009-03-26 04:24 . 2009-03-26 04:24 -------- d-----w c:\documents and settings\victor bruno\Configurações locais\Dados de aplicativos\Mozilla 2009-03-24 15:22 . 2003-11-04 18:11 159744 ----a-w c:\windows\system32\lfpng13n.dll 2009-03-23 13:25 . 2009-03-23 13:25 29696 ----a-w c:\windows\system32\drivers\kvnet.sys 2009-03-21 14:08 . 2009-03-21 14:08 1028608 -c----w c:\windows\system32\dllcache\kernel32.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-18 06:28 . 2008-06-06 18:49 -------- d-----w c:\arquivos de programas\GENIUS TABLET 2009-04-18 06:12 . 2009-04-18 04:36 -------- d-----w c:\arquivos de programas\Panda Security 2009-04-17 16:40 . 2009-04-17 16:31 13788 ----a-w C:\lopR.txt 2009-04-17 03:14 . 2008-06-02 18:58 38328 ----a-w c:\documents and settings\victor bruno\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2009-04-16 21:39 . 2009-04-16 21:39 -------- d-----w c:\arquivos de programas\Microsoft Office Outlook Connector 2009-04-16 20:04 . 2006-03-02 12:00 49804 ----a-w c:\windows\system32\perfc016.dat 2009-04-16 20:04 . 2006-03-02 12:00 347648 ----a-w c:\windows\system32\perfh016.dat 2009-04-16 19:06 . 
2009-04-16 19:05 6261 ----a-w c:\windows\system32\drivers\kwflower.log 2009-04-16 16:50 . 2008-06-02 15:00 90112 ----a-w c:\windows\DUMP595b.tmp 2009-04-16 16:03 . 2008-06-02 15:00 90112 ----a-w c:\windows\DUMP6bd9.tmp 2009-04-16 15:44 . 2008-06-02 15:00 90112 ----a-w c:\windows\DUMP74a3.tmp 2009-04-16 01:49 . 2008-06-02 15:00 90112 ----a-w c:\windows\DUMP71e4.tmp 2009-04-11 02:52 . 2008-06-20 01:38 230424 ----a-w C:\img2-001.raw 2009-04-10 22:42 . 2008-08-31 23:26 -------- d-----w c:\arquivos de programas\DreaMule 2009-04-10 05:08 . 2008-06-02 18:29 -------- d-----w c:\arquivos de programas\Clevo 2009-04-08 16:13 . 2009-04-08 16:13 7369 ----a-w C:\Documento recuperado.txt 2009-04-07 00:27 . 2008-07-10 17:40 -------- d-----w c:\documents and settings\victor bruno\Dados de aplicativos\Image Zone Express 2009-03-31 13:40 . 2008-06-03 02:21 -------- d-----w c:\arquivos de programas\Messenger Plus! Live 2009-03-27 20:07 . 2009-03-27 20:07 -------- d-----w c:\arquivos de programas\Arquivos comuns\SWF Studio 2009-03-26 22:36 . 2008-06-03 00:10 -------- d-----w c:\arquivos de programas\Windows Live 2009-03-26 22:31 . 2009-03-26 22:31 -------- d-----w c:\arquivos de programas\Microsoft 2009-03-26 22:30 . 2009-03-26 22:30 -------- d-----w c:\arquivos de programas\Windows Live SkyDrive 2009-03-26 22:20 . 2009-03-26 22:20 -------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live 2009-03-26 01:22 . 2009-03-26 01:22 -------- d-----w c:\arquivos de programas\MSECache 2009-03-11 00:06 . 2009-02-11 22:25 -------- d-----w c:\arquivos de programas\3DBoxShotMaker 2009-03-06 14:20 . 2008-09-07 04:31 286208 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:06 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-03-02 22:25 . 2009-03-02 22:25 2178 ----a-w c:\windows\unins000.dat 2009-03-02 22:25 . 2009-03-02 22:25 695578 ----a-w c:\windows\unins000.exe 2009-03-02 22:24 . 2009-02-19 02:52 -------- d-----w c:\arquivos de programas\YafaRay 2009-02-20 17:11 . 
2008-09-07 04:32 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-10 22:07 . 2008-09-07 04:30 2070272 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 14:06 . 2008-09-07 04:30 1846912 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:25 . 2008-09-07 04:30 2193280 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:25 . 2008-09-07 04:30 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:53 . 2008-09-07 04:31 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 10:53 . 2008-09-07 04:30 683520 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 10:53 . 2008-09-07 04:30 731648 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:53 . 2008-09-07 04:30 730624 ----a-w c:\windows\system32\ntdll.dll 2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-06 15:34 . 2008-08-07 23:41 13030 ----a-w C:\PDOXUSRS.NET 2009-02-06 10:39 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:58 . 2008-09-07 04:30 56832 ----a-w c:\windows\system32\secur32.dll 2009-02-02 05:36 . 2008-06-02 19:16 10520 ----a-w c:\windows\system32\avgrsstx.dll 2008-09-07 07:25 . 2008-09-07 07:26 32768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008090720080908\index.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\tmp ---- 2009-03-04 21:05 . 2009-03-04 21:50 1993452 ----a-w c:\tmp\296.blend 2009-03-02 23:04 . 2009-03-02 23:14 133376 ----a-w c:\tmp\3788.blend 2009-03-02 22:30 . 2009-03-02 22:40 171172 ----a-w c:\tmp\2008.blend 2009-03-02 22:29 . 2009-03-02 22:29 7930 ----a-w c:\tmp\00005.png 2009-03-02 22:28 . 2009-03-02 22:28 1962 ----a-w c:\tmp\00004.png 2009-03-02 13:40 . 2009-03-02 21:27 132072 ----a-w c:\tmp\3444.blend 2009-03-02 02:04 . 2009-03-02 04:59 131216 ----a-w c:\tmp\2480.blend 2009-02-19 02:59 . 2009-02-19 02:59 125148 ----a-w c:\tmp\3964.blend 2008-12-31 00:40 . 
2008-12-31 00:40 15556 ----a-w c:\tmp\0050.jpg 2008-12-31 00:40 . 2008-12-31 00:40 15556 ----a-w c:\tmp\0049.jpg 2008-12-31 00:40 . 2008-12-31 00:40 15556 ----a-w c:\tmp\0048.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0047.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0046.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0045.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0044.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0043.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0042.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0041.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0040.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0039.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0038.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0037.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0036.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0035.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0034.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0033.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0032.jpg 2008-12-31 00:39 . 2008-12-31 00:39 15556 ----a-w c:\tmp\0031.jpg 2008-12-31 00:38 . 2008-12-31 00:38 15556 ----a-w c:\tmp\0030.jpg 2008-12-31 00:38 . 2008-12-31 00:38 15556 ----a-w c:\tmp\0029.jpg 2008-12-31 00:38 . 2008-12-31 00:38 15556 ----a-w c:\tmp\0028.jpg 2008-12-31 00:37 . 2008-12-31 00:37 15556 ----a-w c:\tmp\0027.jpg 2008-12-31 00:37 . 2008-12-31 00:37 15556 ----a-w c:\tmp\0026.jpg 2008-12-31 00:37 . 2008-12-31 00:37 15556 ----a-w c:\tmp\0025.jpg 2008-12-31 00:36 . 2008-12-31 00:36 15594 ----a-w c:\tmp\0024.jpg 2008-12-31 00:36 . 2008-12-31 00:36 15564 ----a-w c:\tmp\0023.jpg 2008-12-31 00:35 . 2008-12-31 00:35 15532 ----a-w c:\tmp\0022.jpg 2008-12-31 00:35 . 2008-12-31 00:35 15584 ----a-w c:\tmp\0021.jpg 2008-12-31 00:35 . 
2008-12-31 00:35 15597 ----a-w c:\tmp\0020.jpg 2008-12-31 00:35 . 2008-12-31 00:35 15631 ----a-w c:\tmp\0019.jpg 2008-12-31 00:35 . 2008-12-31 00:35 15651 ----a-w c:\tmp\0018.jpg 2008-12-31 00:35 . 2008-12-31 00:35 15640 ----a-w c:\tmp\0017.jpg 2008-12-31 00:34 . 2008-12-31 00:34 15614 ----a-w c:\tmp\0016.jpg 2008-12-31 00:34 . 2008-12-31 00:34 15639 ----a-w c:\tmp\0015.jpg 2008-12-31 00:33 . 2008-12-31 00:33 15642 ----a-w c:\tmp\0014.jpg 2008-12-31 00:33 . 2008-12-31 00:33 15588 ----a-w c:\tmp\0013.jpg 2008-12-31 00:33 . 2008-12-31 00:33 15498 ----a-w c:\tmp\0012.jpg 2008-12-31 00:33 . 2008-12-31 01:24 18350 ----a-w c:\tmp\0011.jpg 2008-12-31 00:32 . 2008-12-31 01:24 18153 ----a-w c:\tmp\0010.jpg 2008-12-31 00:32 . 2008-12-31 01:24 17790 ----a-w c:\tmp\0009.jpg 2008-12-31 00:32 . 2008-12-31 01:24 19295 -c--a-w c:\tmp\0008.jpg 2008-12-31 00:32 . 2009-03-02 21:38 7962 ----a-w c:\tmp\0007.jpg 2008-12-31 00:32 . 2009-03-02 21:36 7962 ----a-w c:\tmp\0006.jpg 2008-12-31 00:32 . 2009-03-02 21:35 7962 ----a-w c:\tmp\0005.jpg 2008-12-31 00:31 . 2009-03-02 21:34 7962 ----a-w c:\tmp\0004.jpg 2008-12-31 00:31 . 2009-03-02 21:32 7962 ----a-w c:\tmp\0003.jpg 2008-12-31 00:31 . 2009-03-02 21:31 7962 ----a-w c:\tmp\0002.jpg 2008-12-31 00:31 . 2009-03-02 21:30 7962 ----a-w c:\tmp\0001.jpg 2008-09-26 19:14 . 2008-09-26 19:49 125876 ----a-w c:\tmp\2924.blend 2008-09-24 15:38 . 2009-03-27 23:53 289000 ----a-w c:\tmp\quit.blend 2008-09-16 16:13 . 2008-09-16 16:53 133760 ----a-w c:\tmp\3332.blend 2008-06-11 17:16 . 2008-06-11 18:22 22016 --sha-w c:\tmp\Thumbs.db (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "Glary Memory Optimizer"="c:\arquivos de programas\Glary Utilities\memdefrag.exe" [2008-03-05 92160] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RAM Idle Professional"="c:\arquivos de programas\RAM Idle LE\RAM_XP.exe" [2006-01-17 135168] "ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-05-27 413696] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-02-02 1601304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-02 05:36 10520 ----a-w c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^victor bruno^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\DreaMule\\emule.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149] R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys [2009-03-23 29696] R3 kwflower;Kerio WinRoute 
Firewall Driver - Lower Layer; [x] R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944] R4 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-02-02 903960] R4 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-02 325128] S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-02 107272] S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232] . Conteúdo da pasta 'Tarefas Agendadas' 2009-04-20 c:\windows\Tasks\GlaryInitialize.job - c:\arquivos de programas\Glary Utilities\initialize.exe [2008-07-31 14:08] 2009-04-20 c:\windows\Tasks\User_Feed_Synchronization-{28A9E485-D676-42A3-836A-1C6CDC3FFCC2}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 21:36] . . ------- Scan Suplementar ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\victor bruno\Dados de aplicativos\Mozilla\Firefox\Profiles\3pa3b2zw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-20 08:13 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... 
Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(1836) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\AVG\AVG8\avgrsx.exe c:\arquivos de programas\Bonjour\mDNSResponder.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe c:\windows\system32\msiexec.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\drivers\WTSrv.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\msiexec.exe . ************************************************************************** . 
Tempo para conclusão: 2009-04-20 8:19 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-04-20 11:19 Pré-execução: 19 pasta(s) 12.588.118.016 bytes disponíveis Pós execução: 18 pasta(s) 12.854.083.584 bytes disponíveis WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 255 --- E O F --- 2009-04-17 16:58 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:36:48, on 20/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe c:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\DRIVERS\WtSrv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\RAM Idle LE\RAM_XP.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\vVX3000.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Glary Utilities\memdefrag.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\MsiExec.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE 
C:\Hi\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RAM Idle Professional] C:\Arquivos de programas\RAM Idle LE\RAM_XP.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [QuickTime Task] 
"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Arquivos de programas\Glary Utilities\memdefrag.exe" /autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/ O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## 
(Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- End of file - 6038 bytes
MGuitar, posted April 21, 2009

Hello,

Are you aware of these two folders in bold below?

C:\tmp
C:\Hi

Go to Control Panel > Add or Remove Programs and uninstall the programs below (if they still exist):

MessengerPlus! 3
MsgPlus! Plugin
Messenger Plus! Live

Because those were the programs that caused this problem with the CID pop-ups. If you want to reinstall Messenger Plus! Live after cleaning your machine, pay attention during the installation: when you install it, you will be asked whether or not you want to install the Sponsor! Do not install it; decline it, as in the image below:

Because the sponsor is adware that causes this problem on the PC.
vitotiBM, posted April 21, 2009

Hi, how's it going, man! Yes, those folders: Hi is HijackThis, when I installed it I gave it that name! Is that a problem? lol. And the temp folder was created for me to save Blender files that I use on this machine... I did what you said with Msn Plus... since ComboFix the CID window problem hasn't happened, at least I'm not noticing it. Nor what I mentioned about the font changing or the machine restarting by itself, but the "Update Manager" window thing continues... man, thanks a lot for the help... now a question: I also have a notebook, and it has the same "Update Manager" window problem. Can what I do on the PC also be done on the notebook???
MGuitar, posted April 21, 2009

> Yes, those folders: Hi is HijackThis, when I installed it I gave it that name! Is that a problem? lol. And the temp folder was created for me to save Blender files that I use on this machine...

That's no problem at all. :)

> I did what you said with Msn Plus... since ComboFix the CID window problem hasn't happened, at least I'm not noticing it. Nor what I mentioned about the font changing or the machine restarting by itself, but the "Update Manager" window thing continues... man, thanks a lot for the help...

Update Manager is not a virus; you don't need to worry about it. Download the Software Manager Uninstaller and save it to the desktop. Double-click SoftwareManagerUninstall.exe and follow the instructions to uninstall Update Manager or Software Manager. See whether that solves this problem.

Otherwise, the log is clean.

Go to Start > Run, type combofix /u and click OK to remove it.

You can delete Lop S&D and its log C:\LopR (if they still exist).

> Now a question: I also have a notebook, and it has the same "Update Manager" window problem. Can what I do on the PC also be done on the notebook???

Use the Update Manager Uninstaller on it too and see whether that solves it. :thumbsup:
vitotiBM, posted April 25, 2009

Man, thank you very much for the attention, and once again congratulations to the whole forum for always helping others... the problem is solved!!!!!!!! Thanks a lot, MGuitar... a big hug to everyone... Victor Bruno
DigRam, posted May 1, 2009

PROBLEM SOLVED! If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.