
Archived

This topic has been archived and is closed to new replies.

Jocasinho

[Archived] Analyze my log


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:35:45, on 6/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\WScript.exe

C:\Documents and Settings\Jocasinho\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: [JOCASINH-16F89B] .vbe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{AF874EEA-F69E-46FF-9FB4-0C7602DAEF04}: NameServer = 200.222.0.34 200.202.193.75

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

 

--

End of file - 3443 bytes


- Download ComboFix and save it to your desktop;

 

● Temporarily disable your antivirus so it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix scans;

● If a problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click inside the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to quit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart the tool will run again; wait for it;

● A log will be generated at C:\ComboFix.txt.

 

Paste this log in your next reply.


Mguitar

I'm having a problem with ComboFix. When I open it, it shows this:

 

procurando por ficheiros/arquivos infectados...

 

and restarts the PC. I did it in Safe Mode and the same problem happens.

 

What could it be?

 

Cheers


- Download RSIT and save it to your desktop;

 

● Double-click RSIT.exe to run the program;

● In the window that opens, click the Continue button so the tool starts running;

● When the tool finishes running, a log will open automatically in Notepad with the scan result. Paste the contents of that log (log.txt) in your next reply;

● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.


#LOG#

Logfile of random's system information tool 1.06 (written by random/random)

Run by Jocasinho at 2009-05-10 04:11:41

Microsoft Windows XP Professional Service Pack 2

System drive C: has 22 GB (70%) free of 32 GB

Total RAM: 959 MB (68% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:12:59, on 10/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\System32\WScript.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\JOCASI~1\CONFIG~1\Temp\Rar$EX01.094\RSIT.exe

C:\Arquivos de programas\trend micro\Jocasinho.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: [JOCASINH-16F89B] .vbe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{AF874EEA-F69E-46FF-9FB4-0C7602DAEF04}: NameServer = 200.222.0.34 200.202.193.75

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

 

--

End of file - 3909 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-28 312928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]

"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-08-03 163840]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-22 81920]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2009-03-28 198160]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"LWBMOUSE"=C:\Arquivos de programas\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe [2001-03-26 429568]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"JOCASINH-16F89B"=C:\WINDOWS\system32\.vbe [2009-04-06 10000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2004-08-04 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"D:\Tibia\Tibia.exe"="D:\Tibia\Tibia.exe:*:Enabled:Tibia Player"

"C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme"="C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme:*:Enabled:GunBound"

"C:\Arquivos de programas\Tibia\Tibia.exe"="C:\Arquivos de programas\Tibia\Tibia.exe:*:Enabled:Tibia Player"

"C:\Arquivos de programas\XCam\XCam.exe"="C:\Arquivos de programas\XCam\XCam.exe:*:Enabled:XCam"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11f4dedf-3bfd-11de-b9a3-806d6172696f}]

shell\Auto\command - auto.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

shell\explore\command - WScript.exe .\autorun.vbs

shell\open\command - WScript.exe .\autorun.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4bf01e3-197d-11de-85d3-0016ec2370d0}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e81c1cf0-1fab-11de-85f8-0016ec2370d0}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

 

======List of files/folders created in the last 1 months======

 

2009-05-10 04:11:41 ----D---- C:\rsit

2009-05-10 04:11:41 ----D---- C:\Arquivos de programas\trend micro

2009-05-08 16:17:40 ----SH---- C:\WINDOWS\S16288F82.tmp

2009-05-08 16:16:27 ----D---- C:\Arquivos de programas\Elaborate Bytes

2009-05-08 06:39:11 ----D---- C:\Arquivos de programas\XP Codec Pack

2009-05-08 06:25:31 ----D---- C:\ComboFix

2009-05-08 06:25:30 ----A---- C:\WINDOWS\system32\CF8254.exe

2009-05-08 06:23:27 ----A---- C:\WINDOWS\system32\CF7843.exe

2009-05-08 06:22:23 ----A---- C:\WINDOWS\ntbtlog.txt

2009-05-08 06:20:47 ----A---- C:\WINDOWS\system32\CF7327.exe

2009-05-08 06:15:03 ----A---- C:\WINDOWS\system32\CF6207.exe

2009-05-08 06:11:59 ----A---- C:\WINDOWS\PSEXESVC.EXE

2009-05-08 06:11:07 ----A---- C:\Boot.bak

2009-05-08 06:11:03 ----RASHD---- C:\cmdcons

2009-05-08 05:43:31 ----A---- C:\WINDOWS\zip.exe

2009-05-08 05:43:31 ----A---- C:\WINDOWS\vFind.exe

2009-05-08 05:43:31 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-05-08 05:43:31 ----A---- C:\WINDOWS\SWSC.exe

2009-05-08 05:43:31 ----A---- C:\WINDOWS\SWREG.exe

2009-05-08 05:43:31 ----A---- C:\WINDOWS\sed.exe

2009-05-08 05:43:31 ----A---- C:\WINDOWS\NIRCMD.exe

2009-05-08 05:43:31 ----A---- C:\WINDOWS\grep.exe

2009-05-08 05:43:20 ----D---- C:\WINDOWS\ERDNT

2009-05-08 05:43:19 ----A---- C:\WINDOWS\system32\CF32754.exe

2009-05-08 05:43:07 ----A---- C:\WINDOWS\system32\CF32715.exe

2009-05-08 05:43:05 ----D---- C:\Qoobox

2009-05-08 02:25:43 ----D---- C:\temp_dvd

2009-05-08 01:38:42 ----D---- C:\Arquivos de programas\Browser Mouse

2009-05-06 23:19:59 ----D---- C:\Arquivos de programas\Blackd Tools

2009-05-05 12:19:11 ----D---- C:\Arquivos de programas\Magebot

2009-05-05 10:52:08 ----D---- C:\Arquivos de programas\TibiaBot NG

2009-04-29 14:25:15 ----A---- C:\WINDOWS\NeroDigital.ini

2009-04-29 14:02:41 ----A---- C:\WINDOWS\system32\csamsp.dll

2009-04-29 12:58:42 ----A---- C:\WINDOWS\ModemLog_BandLuxe 3.5G HSDPA Modem #2.txt

2009-04-26 08:33:51 ----D---- C:\Arquivos de programas\XCam

2009-04-26 02:49:46 ----D---- C:\Arquivos de programas\CCleaner

2009-04-24 18:48:43 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2009-04-24 18:48:43 ----D---- C:\Arquivos de programas\GbPlugin

2009-04-21 18:55:57 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-04-21 00:55:56 ----D---- C:\Arquivos de programas\Marcos Velasco Security

2009-04-20 02:13:35 ----A---- C:\WINDOWS\ModemLog_BandLuxe 3.5G HSDPA Modem.txt

2009-04-20 02:12:31 ----D---- C:\Arquivos de programas\BandRich

2009-04-17 01:09:44 ----D---- C:\Arquivos de programas\SugarBoT Edited

 

======List of files/folders modified in the last 1 months======

 

2009-05-10 04:11:41 ----RD---- C:\Arquivos de programas

2009-05-10 03:28:42 ----D---- C:\Arquivos de programas\Mozilla Firefox

2009-05-10 03:28:03 ----SD---- C:\WINDOWS\Tasks

2009-05-10 03:27:54 ----D---- C:\WINDOWS\Temp

2009-05-10 03:27:50 ----D---- C:\WINDOWS\system32

2009-05-10 03:27:22 ----AD---- C:\WINDOWS\system32\drivers

2009-05-10 03:26:32 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-05-10 03:26:31 ----D---- C:\WINDOWS\Prefetch

2009-05-10 03:14:25 ----D---- C:\WINDOWS\system32\CatRoot2

2009-05-09 05:21:09 ----D---- C:\Documents and Settings\Jocasinho\Dados de aplicativos\Tibia

2009-05-08 16:17:40 ----D---- C:\WINDOWS

2009-05-08 06:28:03 ----A---- C:\WINDOWS\ModemLog_SmartUSB56 Voice Modem.txt

2009-05-08 06:24:49 ----D---- C:\WINDOWS\Minidump

2009-05-08 06:11:07 ----RASH---- C:\boot.ini

2009-05-06 23:20:11 ----SHD---- C:\WINDOWS\Installer

2009-04-29 14:02:46 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-04-29 13:53:09 ----HD---- C:\WINDOWS\inf

2009-04-29 13:53:09 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-04-29 13:53:04 ----D---- C:\WINDOWS\WinSxS

2009-04-29 00:12:55 ----D---- C:\Arquivos de programas\TibiaCam TV Lite

2009-04-26 16:08:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-04-26 02:55:08 ----D---- C:\WINDOWS\Debug

2009-04-24 18:33:00 ----SD---- C:\Documents and Settings\Jocasinho\Dados de aplicativos\Microsoft

2009-04-22 23:36:09 ----D---- C:\Arquivos de programas\Tibia

2009-04-16 23:59:38 ----A---- C:\WINDOWS\win.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-26 3644032]

R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]

R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys [2005-05-10 237616]

R3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys [2005-05-10 1464848]

R3 Slnt7554;USB Soft Modem Driver; C:\WINDOWS\system32\DRIVERS\SLDRV\slnt7554.sys [2005-05-10 225272]

R3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys [2005-05-10 101328]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys [2005-05-10 13248]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-08-10 237312]

S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB; C:\WINDOWS\system32\DRIVERS\br3gmdm.sys [2008-03-25 100096]

S3 catchme;catchme; \??\C:\DOCUME~1\JOCASI~1\CONFIG~1\Temp\catchme.sys []

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 BandLuxe_Service;BandLuxe Service; C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe [2008-04-15 85016]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-03-27 52808]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slmdmsr.exe [2005-05-10 61440]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-17 2794234]

S3 PSEXESVC;PsExec; C:\WINDOWS\PSEXESVC.EXE [2009-05-08 53248]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------

 

 

 

 

#INFO#

 

info.txt logfile of random's system information tool 1.06 2009-05-10 04:13:00

 

======Uninstall list======

 

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

BandLuxe HSDPA Utility R11-->MsiExec.exe /I{6A5CC193-FA73-4D82-8F33-A33AAD7471E0}

Browser Mouse Browser Mouse 1.0-->C:\Arquivos de programas\Browser Mouse\Browser Mouse\1.0\unins000.EXE

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

CloneDVD2-->"C:\Arquivos de programas\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Arquivos de programas\Elaborate Bytes\CloneDVD2"

DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"

GunboundWC-->"C:\Arquivos de programas\OnGame\unins000.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Jocasinho\Desktop\HijackThis.exe" /uninstall

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

HyperCam 2-->"C:\Arquivos de programas\HyCam2\UnHyCam2.exe"

Magebot-->"C:\Arquivos de programas\Magebot\uninstall.exe"

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (3.0.10)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

MV RegClean 5.9-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\unins000.exe"

Nero OEM-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

PowerHEX-->C:\WINDOWS\PowerHEX Uninstaller.exe

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek AC'97 Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x416 -removeonly

TeamSpeak 2 RC2-->"C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe"

Tibia MULTI-ip changer-->C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\UNinstaller.exe

Tibia-->"D:\Tibia\unins000.exe"

TibiaBot NG 4.8.8-->"C:\Arquivos de programas\TibiaBot NG\unins000.exe"

TibiaCam TV Lite 2.7-->"C:\Arquivos de programas\TibiaCam TV Lite\unins000.exe"

VIA Gerenciador de dispositivo de plataforma-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

VIA/S3G Display Driver-->C:\ARQUIV~1\S3\UChromeP\s3minset.exe /u UChromeP.uns

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

XCam-->"C:\Arquivos de programas\XCam\unins000.exe"

XP Codec Pack-->C:\Arquivos de programas\XP Codec Pack\Uninstall.exe

 

======System event log======

 

Computer Name: JOCASINH-16F89B

Event Code: 7036

Message: O serviço Serviço de descoberta SSDP entrou no estado executando.

 

Record Number: 5422

Source Name: Service Control Manager

Time Written: 20090502191114.000000-180

Event Type: Informações

User:

 

Computer Name: JOCASINH-16F89B

Event Code: 7035

Message: O serviço Serviço de descoberta SSDP recebeu com êxito um controle Iniciar.

 

Record Number: 5421

Source Name: Service Control Manager

Time Written: 20090502191114.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: JOCASINH-16F89B

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 5420

Source Name: Service Control Manager

Time Written: 20090502191114.000000-180

Event Type: Informações

User:

 

Computer Name: JOCASINH-16F89B

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

 

Record Number: 5419

Source Name: Service Control Manager

Time Written: 20090502191114.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: JOCASINH-16F89B

Event Code: 7035

Message: O serviço dmapf recebeu com êxito um controle Iniciar.

 

Record Number: 5418

Source Name: Service Control Manager

Time Written: 20090502191114.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: JOCASINH-16F89B

Event Code: 102

Message: msnmsgr (248) \\.\C:\Documents and Settings\Jocasinho\Configurações locais\Dados de aplicativos\Microsoft\Messenger\jocasouza9@hotmail.com\SharingMetadata\Working\database_AC9C_DA0F_9CD9_D444\dfsr.db: O mecanismo de banco de dados iniciou uma nova instância (0).

 

Record Number: 1509

Source Name: ESENT

Time Written: 20090421182118.000000-180

Event Type: Informações

User:

 

Computer Name: JOCASINH-16F89B

Event Code: 100

Message: msnmsgr (248) O mecanismo de banco de dados 5.01.2600.2180 foi iniciado.

 

Record Number: 1508

Source Name: ESENT

Time Written: 20090421182118.000000-180

Event Type: Informações

User:

 

Computer Name: JOCASINH-16F89B

Event Code: 12001

Message: The Messenger Sharing USN Journal Reader service started successfully.

 

Record Number: 1507

Source Name: usnjsvc

Time Written: 20090421182112.000000-180

Event Type:

User:

 

Computer Name: JOCASINH-16F89B

Event Code: 4097

Message: O aplicativo, C:\Arquivos de programas\Tibia\Tibia.exe, gerou um erro de aplicativo.

O erro ocorreu em 04/21/2009 às 02:47:52.312.

A exceção gerada foi c0000005 no endereço 064CBFB0 (play-00010408)

 

Record Number: 1506

Source Name: DrWatson

Time Written: 20090421024752.000000-180

Event Type: Informações

User:

 

Computer Name: JOCASINH-16F89B

Event Code: 1000

Message: Aplicativo com falha tibia.exe, versão 8.4.1.0, módulo com falha play-00010408.dll, versão 0.0.0.0, endereço com falha 0x0002bfb0.

 

Record Number: 1505

Source Name: Application Error

Time Written: 20090421024750.000000-180

Event Type: Erro

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2c02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------


- Download OTMoveIt3 and save it to your desktop;

 

● Double-click the program icon (OTMoveIt3) to run it;

● Select and copy all of the content below:

 

:Processes
explorer.exe
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"JOCASINH-16F89B"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11f4dedf-3bfd-11de-b9a3-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4bf01e3-197d-11de-85d3-0016ec2370d0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e81c1cf0-1fab-11de-85f8-0016ec2370d0}]
:Files
C:\WINDOWS\system32\.vbe
:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]

 

● Paste what you copied into the program (in the blank area of the window);

● Click the MoveIt button;

● If a message appears asking to restart the computer, restart it;

● In your next reply, copy and paste all of the content shown under Results;

● If the computer restarted, go to the C:\_OTMoveIt\MovedFiles folder and open the most recent .log file there. Copy and paste the entire contents of that file.

 

Also paste a new RSIT log in your next reply.
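As an added example (not code from this thread, nor from HijackThis, RSIT or OTMoveIt3), the Python below does the triage the helper did by hand: it parses O2/O4/O23 HijackThis lines and the RSIT MountPoints2 dump, flags the patterns that led to the fix script above (an autostart under Policies\Explorer\Run, a .vbe with no base name, removable-drive autorun handlers that invoke WScript or rundll32 ShellExec_RunDLL, orphaned BHO and service entries), and renders the matching :Reg section in OTMoveIt3 syntax. The sample input is constructed from lines quoted in this thread; the Finding type and the heuristics are my own assumptions, not part of any of those tools.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis / RSIT output posted
# in this thread, plus one benign O4 entry (NeroCheck) for contrast.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Policies\Explorer\Run: [JOCASINH-16F89B] .vbe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

SAMPLE_MOUNTPOINTS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11f4dedf-3bfd-11de-b9a3-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
shell\open\command - WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e81c1cf0-1fab-11de-85f8-0016ec2370d0}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\(?:[^\\]+\\)?\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - .* - (?P<path>.*)$")
MP_KEY_RE = re.compile(r"^\[(?P<key>HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MP_CMD_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.*)$", re.I)
SCRIPT_EXT = re.compile(r"\.(vbe|vbs|wsf|js|jse|wsh)\b", re.I)           # script-host payloads
AUTORUN_LOADER = re.compile(r"wscript|cscript|ShellExec_RunDLL|RECYCLER", re.I)

@dataclass
class Finding:            # hypothetical triage record, not a HijackThis/RSIT type
    severity: str         # "high": remove; "review": confirm before acting
    detail: str
    fix: str = ""         # OTMoveIt3 :Reg entry that would undo the persistence

def triage_hjt(text: str) -> list:
    """Flag O2/O4/O23 HijackThis lines the way the helper in this thread did."""
    out = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.group("hive", "key", "name", "cmd")
            reasons = []
            if key.lower().startswith("policies\\"):
                reasons.append("autostart via Policies\\Explorer\\Run, rarely used by legitimate installers")
            if SCRIPT_EXT.search(cmd):
                reasons.append("script-host payload: " + cmd)
            if re.fullmatch(r'"?\.\w+"?', cmd):
                reasons.append("file has an extension but no base name")
            if reasons:
                full_key = f"{HIVES.get(hive, hive)}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}"
                out.append(Finding("high", f"O4 [{name}]: " + "; ".join(reasons),
                                   fix=f"[{full_key}]\n\"{name}\"=-"))
            continue
        m = O2_RE.match(line)
        if m and m.group("path") == "(no file)":
            out.append(Finding("review", f"O2 BHO {{{m.group('clsid')}}} registered but its DLL is gone"))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            out.append(Finding("review", f"O23 service {m.group('svc')} points at a missing binary"))
    return out

def triage_mountpoints(text: str) -> list:
    """Flag MountPoints2 autorun handlers that launch a script host or a rundll32 loader."""
    out = []
    key = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = MP_KEY_RE.match(line)
        if m:
            key = m.group("key")      # the drive GUID the following shell\...\command lines belong to
            continue
        m = MP_CMD_RE.match(line)
        if m and key and AUTORUN_LOADER.search(m.group("cmd")):
            out.append(Finding("high", f"autorun handler shell\\{m.group('verb')} runs: {m.group('cmd')}",
                               fix=f"[-{key}]"))
    return out

def otmoveit_reg_section(findings: list) -> str:
    """Render the :Reg section of an OTMoveIt3 script, one entry per distinct fix."""
    lines, seen = [":Reg"], set()
    for f in findings:
        if f.fix and f.fix not in seen:
            seen.add(f.fix)
            lines.append(f.fix)
    return "\n".join(lines)

if __name__ == "__main__":
    findings = triage_hjt(SAMPLE_HJT) + triage_mountpoints(SAMPLE_MOUNTPOINTS)
    for f in findings:
        print(f"[{f.severity}] {f.detail}")
    print(otmoveit_reg_section(findings))
```

The "review" findings (the orphaned BHO and the GameGuard service with a missing binary) get no fix entry on purpose: they are leftovers rather than active persistence, which is also why the helper's script above does not touch them.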


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening it.
