[Resolvido!] Malware pop up CiD

[keysha 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58:47, on 9/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\tsnp325.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wlcreateid/

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [draw memo up hide] C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\platform dupe draw memo\bleh tray.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246823069359

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 8624 bytes

[MGuitar 11]

Você possui três antivirus instalados: AVG, Avast! e Avira AntiVir. Isso não é recomendado. Pois além de gerar conflitos, o desempenho de seu sistema irá diminuir. Seu sistema não estará mais protegido com três antivirus também. Pelo contrário.

 

Sugiro que deixe apenas o Avira AntiVir e remova os outros dois.

 

- Faça download do Lop S&D e salve-o no desktop;

 

● Dê um duplo clique no Lop S&D. Na janela que abrir pressione a tecla P e tecle Enter;

● Na próxima tela pressione o numero 2 e tecle Enter;

● Sua tela irá piscar. Isso é normal. Aguarde até que seja gerado um relatório.

[keysha 0]

Seguindo todos os passos. Relatório do LopR:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon XP 2200+ )

BIOS : Award Modular BIOS v6.0

USER : Administrador ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:232 Go (Free:215 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( qui 09/07/2009|19:46 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\WINDOWS\Tasks\AE9B283891B0D8CC.job

Deletado! - C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\platform dupe draw memo\bleh tray.dat

Deletado! - C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\2plusd~1\Burn creative grey grid.exe

Deletado! - C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\platform dupe draw memo

Deletado! - C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\2plusd~1

Deletado! - C:\Arquivos de programas\2plusd~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

 

[06/07/2009|12:34] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Adobe

[08/07/2009|23:38] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\AVGTOOLBAR

[09/07/2009|17:29] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Canneverbe_Limited

[09/06/2009|23:17] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Identities

[06/07/2009|10:32] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\InstallShield

[09/07/2009|04:21] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\IObit

[09/06/2009|22:44] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Macromedia

[09/07/2009|18:56] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Microsoft

[09/06/2009|21:47] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Mozilla

[09/07/2009|19:41] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Skype

[09/07/2009|18:39] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\skypePM

[09/07/2009|13:00] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Spyware Terminator

[06/07/2009|11:02] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Sun

[08/07/2009|16:53] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\uTorrent

[09/07/2009|14:13] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\Winamp

[05/07/2009|23:59] C:\DOCUME~1\ADMINI~3.CAS\DADOSD~1\WinRAR

 

[26/04/2009|18:48] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[29/09/2008|20:34] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

[07/03/2009|19:15] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[20/04/2009|15:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8

[31/03/2009|17:09] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira

[02/06/2009|19:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[19/08/2008|03:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Hewlett-Packard

[19/08/2008|03:35] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[19/08/2008|03:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant

[19/08/2008|03:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HPSSUPPLY

[08/06/2007|18:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[11/12/2008|22:09] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[06/05/2009|12:34] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[02/06/2009|19:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[27/03/2008|12:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[19/08/2008|03:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WEBREG

[22/04/2007|19:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[21/11/2008|22:28] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[06/07/2009|12:24] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Adobe

[07/07/2009|22:59] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Avanquest Software

[09/07/2009|11:26] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\AVG Security Toolbar

[09/07/2009|18:56] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\avg8

[09/07/2009|05:33] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Avira

[06/07/2009|10:07] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\BVRP Software

[05/07/2009|14:39] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Hewlett-Packard

[09/07/2009|07:21] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Kaspersky Lab Setup Files

[06/07/2009|15:21] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Messenger Plus!

[09/07/2009|17:16] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Microsoft

[06/07/2009|04:09] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Skype

[09/07/2009|04:50] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Spybot - Search & Destroy

[09/07/2009|18:39] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Spyware Terminator

[09/07/2009|19:08] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\TEMP

 

[22/04/2007|18:23] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[01/08/2008|17:45] C:\DOCUME~1\LOCALS~1\DADOSD~1\Adobe

[19/08/2008|03:53] C:\DOCUME~1\LOCALS~1\DADOSD~1\HP

[22/05/2008|12:33] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[09/06/2009|19:49] C:\DOCUME~1\LOCALS~1.AUT\DADOSD~1\Microsoft

 

[09/07/2009|09:30] C:\DOCUME~1\LOCALS~1.000\DADOSD~1\Adobe

[09/07/2009|00:26] C:\DOCUME~1\LOCALS~1.000\DADOSD~1\AVGTOOLBAR

[09/07/2009|18:56] C:\DOCUME~1\LOCALS~1.000\DADOSD~1\Microsoft

 

[22/05/2008|12:33] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[09/06/2009|19:49] C:\DOCUME~1\NETWOR~1.AUT\DADOSD~1\Microsoft

 

[09/07/2009|18:56] C:\DOCUME~1\NETWOR~1.000\DADOSD~1\Microsoft

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[09/07/2009 19:40][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[06/07/2009|12:17] C:\Arquivos de programas\Adobe

[18/05/2007|14:44] C:\Arquivos de programas\Adobe CS

[22/04/2007|19:06] C:\Arquivos de programas\Ahead

[22/04/2007|19:09] C:\Arquivos de programas\Alwil Software

[20/02/2008|23:29] C:\Arquivos de programas\AnalogX

[29/05/2009|07:27] C:\Arquivos de programas\ANE

[29/09/2008|20:34] C:\Arquivos de programas\Apple Software Update

[09/07/2009|07:44] C:\Arquivos de programas\Arquivos comuns

[02/06/2009|19:02] C:\Arquivos de programas\Audio Recorder for FREE

[09/07/2009|05:33] C:\Arquivos de programas\Avira

[25/04/2009|17:42] C:\Arquivos de programas\Brasfoot2009

[28/04/2009|13:47] C:\Arquivos de programas\Cálculo Trabalhista Rápido

[31/03/2009|14:20] C:\Arquivos de programas\CCleaner

[09/07/2009|17:28] C:\Arquivos de programas\CDBurnerXP

[17/07/2008|03:45] C:\Arquivos de programas\CDex

[06/07/2009|04:31] C:\Arquivos de programas\Circle Developemet

[22/04/2007|18:20] C:\Arquivos de programas\ComPlus Applications

[06/07/2009|11:58] C:\Arquivos de programas\Crawler

[02/06/2009|19:11] C:\Arquivos de programas\DivX

[25/04/2007|15:11] C:\Arquivos de programas\DremTeamShare

[25/04/2007|12:14] C:\Arquivos de programas\Efficient Networks

[08/07/2009|15:19] C:\Arquivos de programas\eMule

[29/05/2009|07:27] C:\Arquivos de programas\EssentialPIM

[29/02/2008|12:00] C:\Arquivos de programas\Google

[02/06/2009|19:04] C:\Arquivos de programas\Gravity

[19/08/2008|03:31] C:\Arquivos de programas\Hewlett-Packard

[19/08/2008|03:44] C:\Arquivos de programas\HP

[06/07/2009|10:07] C:\Arquivos de programas\InstallShield Installation Information

[09/07/2009|10:26] C:\Arquivos de programas\Internet Explorer

[31/03/2009|15:14] C:\Arquivos de programas\IObit

[06/07/2009|11:04] C:\Arquivos de programas\Java

[17/07/2008|03:34] C:\Arquivos de programas\LocalCDDB

[02/06/2009|19:18] C:\Arquivos de programas\Macromedia

[31/03/2009|15:22] C:\Arquivos de programas\Marcos Velasco Security

[02/06/2009|19:18] C:\Arquivos de programas\Megacubo

[09/06/2009|21:18] C:\Arquivos de programas\Messenger

[06/07/2009|04:31] C:\Arquivos de programas\Messenger Plus! Live

[12/03/2009|15:01] C:\Arquivos de programas\Microsoft

[22/04/2007|18:24] C:\Arquivos de programas\microsoft frontpage

[15/09/2008|07:07] C:\Arquivos de programas\Microsoft Office

[26/02/2009|15:51] C:\Arquivos de programas\Microsoft Silverlight

[22/04/2007|19:04] C:\Arquivos de programas\Microsoft Visual Studio

[12/06/2008|22:04] C:\Arquivos de programas\Microsoft Works

[22/04/2007|19:04] C:\Arquivos de programas\Microsoft.NET

[29/06/2009|19:47] C:\Arquivos de programas\Motorola Phone Tools

[09/06/2009|19:47] C:\Arquivos de programas\Movie Maker

[09/07/2009|19:43] C:\Arquivos de programas\Mozilla Firefox

[09/07/2009|10:42] C:\Arquivos de programas\MSBuild

[24/06/2009|00:50] C:\Arquivos de programas\MSECache

[09/06/2009|19:45] C:\Arquivos de programas\MSN Gaming Zone

[21/08/2008|10:26] C:\Arquivos de programas\MSXML 4.0

[09/07/2009|10:17] C:\Arquivos de programas\MSXML 6.0

[16/10/2008|21:24] C:\Arquivos de programas\Multiply

[09/06/2009|19:47] C:\Arquivos de programas\NetMeeting

[02/06/2009|19:19] C:\Arquivos de programas\OnGame

[09/06/2009|19:46] C:\Arquivos de programas\Outlook Express

[17/02/2009|14:36] C:\Arquivos de programas\Programas RFB

[07/03/2009|19:17] C:\Arquivos de programas\QuickTime

[09/07/2009|10:41] C:\Arquivos de programas\Reference Assemblies

[02/06/2009|19:04] C:\Arquivos de programas\Serif

[22/04/2007|18:22] C:\Arquivos de programas\Serviços on-line

[06/07/2009|04:10] C:\Arquivos de programas\Skype

[28/04/2008|22:57] C:\Arquivos de programas\SopCast

[06/07/2009|12:00] C:\Arquivos de programas\Spybot - Search & Destroy

[09/07/2009|13:10] C:\Arquivos de programas\Spyware Terminator

[02/06/2009|19:24] C:\Arquivos de programas\SRP

[17/07/2008|22:56] C:\Arquivos de programas\Sun

[02/06/2009|19:03] C:\Arquivos de programas\The KMPlayer

[22/04/2007|18:52] C:\Arquivos de programas\Uninstall Information

[06/07/2009|04:04] C:\Arquivos de programas\uTorrent

[14/11/2008|22:56] C:\Arquivos de programas\VideoLAN

[07/02/2008|11:13] C:\Arquivos de programas\Webteh

[05/07/2009|22:52] C:\Arquivos de programas\Winamp

[12/03/2009|14:59] C:\Arquivos de programas\Windows Live

[12/03/2009|15:00] C:\Arquivos de programas\Windows Live SkyDrive

[02/06/2009|19:12] C:\Arquivos de programas\Windows Media Connect 2

[09/06/2009|19:47] C:\Arquivos de programas\Windows Media Player

[09/06/2009|19:45] C:\Arquivos de programas\Windows NT

[22/04/2007|18:22] C:\Arquivos de programas\WindowsUpdate

[05/07/2009|23:59] C:\Arquivos de programas\WinRAR

[22/04/2007|18:24] C:\Arquivos de programas\xerox

[02/06/2009|19:03] C:\Arquivos de programas\Xvid

[09/07/2009|05:17] C:\Arquivos de programas\Zone Labs

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[06/07/2009|12:21] C:\Arquivos de programas\Arquivos comuns\Adobe

[16/10/2008|21:24] C:\Arquivos de programas\Arquivos comuns\Adobe AIR

[22/04/2007|19:06] C:\Arquivos de programas\Arquivos comuns\Ahead

[28/04/2009|13:41] C:\Arquivos de programas\Arquivos comuns\Borland Shared

[22/04/2007|19:04] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[19/08/2008|03:31] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[19/08/2008|03:32] C:\Arquivos de programas\Arquivos comuns\HP

[02/06/2009|19:18] C:\Arquivos de programas\Arquivos comuns\InstallShield

[26/04/2007|12:38] C:\Arquivos de programas\Arquivos comuns\Java

[02/06/2009|19:18] C:\Arquivos de programas\Arquivos comuns\Macromedia

[05/03/2009|00:07] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[22/04/2007|18:21] C:\Arquivos de programas\Arquivos comuns\MSSoap

[22/04/2007|15:15] C:\Arquivos de programas\Arquivos comuns\ODBC

[22/04/2007|18:21] C:\Arquivos de programas\Arquivos comuns\Serviços

[06/07/2009|04:09] C:\Arquivos de programas\Arquivos comuns\Skype

[06/07/2009|10:32] C:\Arquivos de programas\Arquivos comuns\snp325

[22/04/2007|15:15] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[16/11/2008|02:40] C:\Arquivos de programas\Arquivos comuns\Symantec Shared

[09/06/2009|19:46] C:\Arquivos de programas\Arquivos comuns\System

[10/10/2008|21:47] C:\Arquivos de programas\Arquivos comuns\Windows Live

[06/02/2008|05:27] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

--------------------\\ Process

 

( 34 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-09 19:49:47

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:1472][D:6]-> C:\DOCUME~1\ADMINI~3.CAS\CONFIG~1\Temp

[F:1][D:0]-> C:\DOCUME~1\ADMINI~3.CAS\Cookies

[F:2][D:0]-> C:\DOCUME~1\ADMINI~3.CAS\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - qui 09/07/2009|19:50 - Option : [2]

 

--------------------\\ Verificação completa em 19:50:33

[MGuitar 11]

Vá em Painel de Controle > Adicionar ou Remover Programas. Encontre e desinstale os três itens abaixo:

 

Crawler

Messenger Plus!

Messenger Plus! Live

 

OBS: O problema com as pop-ups CID foi causado pelo lop - adware instalado, geralmente, pelo Messenger Plus quando instala-se o patrocinador. Para evitar este problema ao instalar o Messenger Plus, basta não aceitar a instalação do patrocinador no comaço da instalação, marcando a opção da imagem abaixo:

 

 

 

- Faça o download do RSIT e salve no seu desktop;

 

● Dê dois cliques em RSIT.exe para executar o programa;

● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;

● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;

● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

 

 

Pergunta: As janelas CID ainda aparecem?

[keysha 0]

Não vi mais nenhuma maldita janela de propaganda se abrindo. Espero ter me livrado de outras pragas no processo... O excesso de anti virus foi uma medida desesperada mesmo, passei todo tipo de anti spy e anti virus mas não conseguia me livrar dessas pop ups. Muito obrigada!

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrador at 2009-07-11 07:28:08

Microsoft Windows XP Professional Service Pack 2

System drive C: has 220 GB (92%) free of 238 GB

Total RAM: 768 MB (41% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:28:23, on 11/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\RSIT.exe

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\Administrador.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wlcreateid/

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\ADMINI~3.CAS\CONFIG~1\Temp\MsgPlusUninstall.exe" /Cleanup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246823069359

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6651 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-07-06 41368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-06 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-01-26 5529600]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-01-26 86016]

"WinampAgent"=C:\Arquivos de programas\Winamp\winampa.exe [2009-07-01 37888]

"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]

"tsnp325"=C:\WINDOWS\tsnp325.exe [2007-04-21 270336]

"snp325"=C:\WINDOWS\vsnp325.exe [2007-05-09 835584]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-07-06 148888]

"SpywareTerminator"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-06 2173440]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"MessengerPlusLiveUninstall"=C:\DOCUME~1\ADMINI~3.CAS\CONFIG~1\Temp\MsgPlusUninstall.exe [2009-07-05 905552]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

"SpybotSD TeaTimer"=C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"SpywareTerminatorUpdate"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-07-06 3055616]

"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2009-06-25 2328712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-07-09 11952]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoResolveSearch"=

"NoPopUpsOnBoot"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef74fbb-8910-11dd-8a0a-000b230dc207}]

shell\AutoRun\command - F:\start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef74fbc-8910-11dd-8a0a-000b230dc207}]

shell\AutoRun\command - G:\dbadmr.exe

shell\explore\command - G:\dbadmr.exe

shell\open\command - G:\dbadmr.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-07-11 07:26:25 ----D---- C:\rsit

2009-07-09 19:46:53 ----A---- C:\lopR.txt

2009-07-09 19:46:25 ----D---- C:\Lop SD

2009-07-09 17:29:07 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Canneverbe_Limited

2009-07-09 11:01:30 ----N---- C:\WINDOWS\system32\spmsg2.dll

2009-07-09 11:01:23 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

2009-07-09 10:43:42 ----D---- C:\WINDOWS\system32\XPSViewer

2009-07-09 10:42:42 ----D---- C:\Arquivos de programas\MSBuild

2009-07-09 10:42:24 ----D---- C:\WINDOWS\system32\en-US

2009-07-09 10:41:05 ----D---- C:\Arquivos de programas\Reference Assemblies

2009-07-09 10:36:17 ----N---- C:\WINDOWS\system32\prntvpt.dll

2009-07-09 10:36:14 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2009-07-09 10:36:09 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2009-07-09 10:36:03 ----D---- C:\f82a25a783da382da6

2009-07-09 10:30:37 ----RSD---- C:\WINDOWS\assembly

2009-07-09 10:24:46 ----D---- C:\WINDOWS\Microsoft.NET

2009-07-09 10:17:51 ----D---- C:\Arquivos de programas\MSXML 6.0

2009-07-09 07:40:32 ----A---- C:\WINDOWS\NIRCMD.exe

2009-07-09 07:40:29 ----A---- C:\WINDOWS\PEV.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\zip.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\SWREG.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\sed.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\grep.exe

2009-07-09 07:40:20 ----A---- C:\WINDOWS\SWSC.exe

2009-07-09 07:40:19 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-07-09 07:40:12 ----SD---- C:\ComboFix

2009-07-09 07:40:10 ----A---- C:\WINDOWS\system32\CF17749.exe

2009-07-09 07:21:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files

2009-07-09 05:33:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avira

2009-07-09 05:33:56 ----D---- C:\Arquivos de programas\Avira

2009-07-09 05:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB943232$

2009-07-09 05:17:33 ----D---- C:\Arquivos de programas\Zone Labs

2009-07-09 05:16:37 ----D---- C:\WINDOWS\Internet Logs

2009-07-09 04:34:19 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2009-07-09 04:34:18 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2009-07-09 04:34:16 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2009-07-09 04:34:13 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

2009-07-09 04:34:12 ----A---- C:\WINDOWS\system32\XAudio2_4.dll

2009-07-09 04:34:09 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

2009-07-09 04:34:04 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll

2009-07-09 04:34:00 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2009-07-09 04:34:00 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2009-07-09 04:33:57 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2009-07-09 04:33:54 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2009-07-09 04:33:53 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2009-07-09 04:33:51 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2009-07-09 04:33:49 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2009-07-09 04:33:45 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2009-07-09 04:33:43 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2009-07-09 04:33:38 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2009-07-09 04:33:30 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2009-07-09 04:33:29 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2009-07-09 04:33:26 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2009-07-09 04:33:21 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2009-07-09 04:33:19 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2009-07-09 04:33:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2009-07-09 04:33:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2009-07-09 04:33:03 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2009-07-09 04:33:01 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2009-07-09 04:32:56 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2009-07-09 04:32:52 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2009-07-09 04:32:48 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2009-07-09 04:32:45 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2009-07-09 04:32:42 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2009-07-09 04:32:42 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2009-07-09 04:32:33 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2009-07-09 04:32:28 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2009-07-09 04:32:19 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2009-07-09 04:32:19 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2009-07-09 04:32:15 ----A---- C:\WINDOWS\system32\d3dx9_36.dll

2009-07-09 04:32:07 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2009-07-09 04:32:03 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2009-07-09 04:32:03 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2009-07-09 04:31:55 ----A---- C:\WINDOWS\system32\d3dx9_35.dll

2009-07-09 04:31:52 ----A---- C:\WINDOWS\system32\xactengine2_8.dll

2009-07-09 04:31:52 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll

2009-07-09 04:31:48 ----A---- C:\WINDOWS\system32\d3dx10_34.dll

2009-07-09 04:31:48 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll

2009-07-09 04:31:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll

2009-07-09 04:31:38 ----A---- C:\WINDOWS\system32\xinput1_3.dll

2009-07-09 04:31:34 ----A---- C:\WINDOWS\system32\xactengine2_7.dll

2009-07-09 04:31:26 ----A---- C:\WINDOWS\system32\d3dx10_33.dll

2009-07-09 04:31:25 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll

2009-07-09 04:31:21 ----A---- C:\WINDOWS\system32\d3dx9_33.dll

2009-07-09 04:31:16 ----A---- C:\WINDOWS\system32\xactengine2_6.dll

2009-07-09 04:31:08 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2009-07-09 04:31:05 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-07-09 04:31:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2009-07-09 04:31:01 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll

2009-07-09 04:30:59 ----A---- C:\WINDOWS\system32\d3dx9_31.dll

2009-07-09 04:30:56 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2009-07-09 04:30:54 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2009-07-09 04:30:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll

2009-07-09 04:30:49 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2009-07-09 04:30:46 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2009-07-09 04:30:44 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2009-07-09 04:30:41 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2009-07-09 04:30:41 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2009-07-09 04:30:38 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

2009-07-09 04:30:29 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2009-07-09 04:30:28 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2009-07-09 04:30:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll

2009-07-09 04:30:21 ----A---- C:\WINDOWS\system32\d3dx9_26.dll

2009-07-09 04:30:14 ----A---- C:\WINDOWS\system32\d3dx9_25.dll

2009-07-09 04:30:04 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

2009-07-09 04:21:35 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\IObit

2009-07-09 04:14:19 ----D---- C:\WINDOWS\Logs

2009-07-09 02:49:38 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2009-07-09 00:26:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\AVG Security Toolbar

2009-07-08 23:42:02 ----A---- C:\WINDOWS\system32\MSVCR71.dll

2009-07-08 23:42:02 ----A---- C:\WINDOWS\system32\MSVCP71.dll

2009-07-08 23:42:02 ----A---- C:\WINDOWS\system32\MFC71.dll

2009-07-08 23:38:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-07-08 23:38:03 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\AVGTOOLBAR

2009-07-08 23:37:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8

2009-07-07 22:59:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avanquest Software

2009-07-07 22:52:46 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt

2009-07-06 12:19:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Adobe

2009-07-06 11:57:41 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Spyware Terminator

2009-07-06 11:57:34 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator

2009-07-06 11:57:34 ----D---- C:\Arquivos de programas\Spyware Terminator

2009-07-06 11:57:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\javaws.exe

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\javaw.exe

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\java.exe

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-07-06 11:02:46 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Sun

2009-07-06 10:34:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-07-06 10:33:02 ----A---- C:\WINDOWS\FixCamera.exe

2009-07-06 10:33:02 ----A---- C:\WINDOWS\amcap.exe

2009-07-06 10:32:59 ----A---- C:\WINDOWS\vsnp325.exe

2009-07-06 10:32:59 ----A---- C:\WINDOWS\tsnp325.exe

2009-07-06 10:32:59 ----A---- C:\WINDOWS\snp325.ini

2009-07-06 10:32:57 ----A---- C:\WINDOWS\system32\vsnp325.dll

2009-07-06 10:32:57 ----A---- C:\WINDOWS\system32\rsnp325.dll

2009-07-06 10:32:57 ----A---- C:\WINDOWS\system32\csnp325.dll

2009-07-06 10:32:50 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\InstallShield

2009-07-06 04:41:48 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\skypePM

2009-07-06 04:27:42 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Skype

2009-07-06 04:09:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Skype

2009-07-06 04:04:13 ----D---- C:\Arquivos de programas\uTorrent

2009-07-06 04:03:49 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\uTorrent

2009-07-05 23:59:43 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\WinRAR

2009-07-05 22:45:12 ----D---- C:\WINDOWS\RegisteredPackages

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\vxblock.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxwave.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxsfs.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxmas.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxinsa64.exe

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxhpinst.exe

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxdrv.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxcpya64.exe

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxafs.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\px.dll

2009-07-05 22:39:53 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Winamp

2009-07-05 17:21:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2009-07-05 17:21:21 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-07-05 17:05:25 ----A---- C:\WINDOWS\system32\wups2.dll

2009-07-05 17:05:25 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2009-07-05 17:05:25 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2009-07-05 17:05:24 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2009-07-05 14:43:43 ----D---- C:\WINDOWS\nview

2009-07-05 14:43:43 ----A---- C:\WINDOWS\system32\nvudisp.exe

2009-07-05 14:39:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Hewlett-Packard

2009-07-05 14:39:11 ----A---- C:\WINDOWS\system32\hpzll5ha.dll

2009-07-05 14:38:58 ----A---- C:\WINDOWS\system32\hpzids01.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hppldcoi.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hpowiax3.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hpovst10.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hpotscl3.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\difxapi.dll

2009-07-05 13:55:52 ----A---- C:\WINDOWS\mixerdef.ini

2009-06-29 19:43:48 ----A---- C:\DBS.TXT

2009-06-29 19:31:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\BVRP Software

2009-06-29 19:31:10 ----D---- C:\Arquivos de programas\Motorola Phone Tools

2009-06-29 12:28:56 ----D---- C:\MP3

2009-06-28 01:01:20 ----A---- C:\WINDOWS\SchedLgU.Txt

 

======List of files/folders modified in the last 1 months======

 

2009-07-11 07:27:14 ----D---- C:\Arquivos de programas\Mozilla Firefox

2009-07-11 07:26:49 ----D---- C:\WINDOWS\Prefetch

2009-07-11 07:12:15 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2009-07-11 07:11:54 ----RD---- C:\Arquivos de programas

2009-07-11 07:09:54 ----D---- C:\WINDOWS\Temp

2009-07-11 07:09:47 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-10 03:20:56 ----D---- C:\WINDOWS

2009-07-09 19:48:14 ----SD---- C:\WINDOWS\Tasks

2009-07-09 18:56:58 ----SD---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Microsoft

2009-07-09 18:56:57 ----D---- C:\WINDOWS\system32\drivers

2009-07-09 18:56:57 ----D---- C:\WINDOWS\system32

2009-07-09 17:16:01 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft

2009-07-09 11:01:49 ----HD---- C:\WINDOWS\inf

2009-07-09 11:01:03 ----SHD---- C:\WINDOWS\Installer

2009-07-09 11:01:03 ----HD---- C:\Config.Msi

2009-07-09 10:58:29 ----D---- C:\WINDOWS\system32\pt-br

2009-07-09 10:55:05 ----D---- C:\WINDOWS\system32\mui

2009-07-09 10:47:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-07-09 10:42:05 ----RSD---- C:\WINDOWS\Fonts

2009-07-09 10:39:10 ----D---- C:\WINDOWS\system32\spool

2009-07-09 10:38:07 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-07-09 10:32:31 ----D---- C:\WINDOWS\WinSxS

2009-07-09 10:26:16 ----D---- C:\Arquivos de programas\Internet Explorer

2009-07-09 07:47:44 ----A---- C:\WINDOWS\system.ini

2009-07-09 07:46:35 ----SHD---- C:\RECYCLER

2009-07-09 07:44:37 ----D---- C:\WINDOWS\AppPatch

2009-07-09 07:44:32 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-07-09 07:40:46 ----D---- C:\Qoobox

2009-07-09 04:50:17 ----D---- C:\WINDOWS\Minidump

2009-07-09 04:50:17 ----D---- C:\WINDOWS\Debug

2009-07-09 04:34:27 ----D---- C:\WINDOWS\system32\DirectX

2009-07-09 04:28:16 ----HD---- C:\WINDOWS\msdownld.tmp

2009-07-09 03:27:31 ----D---- C:\WINDOWS\system32\config

2009-07-08 22:20:52 ----D---- C:\WINDOWS\security

2009-07-08 15:19:03 ----D---- C:\Arquivos de programas\eMule

2009-07-06 12:34:57 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Adobe

2009-07-06 12:21:38 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2009-07-06 12:17:04 ----D---- C:\Arquivos de programas\Adobe

2009-07-06 12:00:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-07-06 11:04:50 ----D---- C:\Arquivos de programas\Java

2009-07-06 10:45:31 ----D---- C:\WINDOWS\system

2009-07-06 10:35:37 ----A---- C:\WINDOWS\win.ini

2009-07-06 10:32:59 ----D---- C:\Arquivos de programas\Arquivos comuns\snp325

2009-07-06 10:07:00 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2009-07-06 04:10:19 ----RD---- C:\Arquivos de programas\Skype

2009-07-06 04:09:37 ----D---- C:\Arquivos de programas\Arquivos comuns\Skype

2009-07-05 23:59:24 ----D---- C:\Arquivos de programas\WinRAR

2009-07-05 22:52:42 ----D---- C:\Arquivos de programas\Winamp

2009-07-05 17:42:43 ----D---- C:\WINDOWS\Help

2009-07-05 17:21:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2009-07-05 17:05:29 ----D---- C:\WINDOWS\SoftwareDistribution

2009-07-05 16:47:22 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-07-05 14:52:57 ----D---- C:\Documents and Settings

2009-07-05 14:40:01 ----D---- C:\WINDOWS\twain_32

2009-07-05 14:39:01 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-29 14:22:11 ----D---- C:\Program Files

2009-06-28 01:03:21 ----SHD---- C:\WINDOWS\CSC

2009-06-24 00:50:51 ----D---- C:\Arquivos de programas\MSECache

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys []

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-09 335752]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-09 27784]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-08 108552]

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-01-29 370382]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-07 10343168]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-01-26 3407424]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2009-06-29 22768]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-07-06 152984]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2009-07-06 487424]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-01-26 127042]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.06 2009-07-11 07:26:38

 

======Uninstall list======

 

USB Web Camera -->C:\Arquivos de programas\InstallShield Installation Information\{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}\setup.exe -runfromtemp -l0x0416 -removeonly

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A91000000001}

Advanced SystemCare 3-->"C:\Arquivos de programas\IObit\Advanced SystemCare 3\unins000.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir Desktop\setup.exe /REMOVE

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

FoxyTunes for Firefox-->"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul

HijackThis 2.0.2-->"C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe"

HP Deskjet All-In-One Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzscr01.exe -datfile hposcr14.dat

Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Motorola Phone Tools-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x816 -removeonly

Mozilla Firefox (3.5)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

MV RegClean 5.9-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\unins000.exe"

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe

PCI Audio Driver-->cmuninst.exe

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}

Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins001.exe"

Spyware Terminator-->"C:\Arquivos de programas\Spyware Terminator\unins000.exe"

você 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}

Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}

Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}

Windows Media Format Runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

 

======Security center information======

 

AV: AVG Anti-Virus Free

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: CASA-394B976A04

Event Code: 11

Message: O driver detectou um erro de controlador em \Device\Harddisk1\D.

 

Record Number: 497

Source Name: Disk

Time Written: 20090629181720.000000-180

Event Type: Erro

User:

 

Computer Name: CASA-394B976A04

Event Code: 11

Message: O driver detectou um erro de controlador em \Device\Harddisk1\D.

 

Record Number: 496

Source Name: Disk

Time Written: 20090629181719.000000-180

Event Type: Erro

User:

 

Computer Name: CASA-394B976A04

Event Code: 11

Message: O driver detectou um erro de controlador em \Device\Harddisk1\D.

 

Record Number: 495

Source Name: Disk

Time Written: 20090629181718.000000-180

Event Type: Erro

User:

 

Computer Name: CASA-394B976A04

Event Code: 11

Message: O driver detectou um erro de controlador em \Device\Harddisk1\D.

 

Record Number: 494

Source Name: Disk

Time Written: 20090629181713.000000-180

Event Type: Erro

User:

 

Computer Name: CASA-394B976A04

Event Code: 51

Message: Erro detectado no dispositivo \Device\Harddisk1\D durante uma operação de paginação.

 

Record Number: 493

Source Name: Disk

Time Written: 20090629181713.000000-180

Event Type: aviso

User:

 

=====Application event log=====

 

Computer Name: CASA-394B976A04

Event Code: 1000

Message: Os contadores de desempenho para o serviço MSDTC (MSDTC) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 5

Source Name: LoadPerf

Time Written: 20090609211813.000000-180

Event Type: Informações

User:

 

Computer Name: CASA-394B976A04

Event Code: 1000

Message: Os contadores de desempenho para o serviço TermService (Serviços de terminal) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 4

Source Name: LoadPerf

Time Written: 20090609211809.000000-180

Event Type: Informações

User:

 

Computer Name: CASA-394B976A04

Event Code: 1000

Message: Os contadores de desempenho para o serviço RemoteAccess (Roteamento e acesso remoto) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 3

Source Name: LoadPerf

Time Written: 20090609211135.000000-180

Event Type: Informações

User:

 

Computer Name: CASA-394B976A04

Event Code: 1000

Message: Os contadores de desempenho para o serviço PSched (PSched) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 2

Source Name: LoadPerf

Time Written: 20090609211109.000000-180

Event Type: Informações

User:

 

Computer Name: CASA-394B976A04

Event Code: 1000

Message: Os contadores de desempenho para o serviço RSVP (QoS RSVP) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 1

Source Name: LoadPerf

Time Written: 20090609211108.000000-180

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=0a00

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

[MGuitar 11]

- Faça o download do OTM e salve no desktop;

 

● Dê um duplo clique no ícone do programa (OTM.exe) para executá-lo;

● Selecione e copie todo este conteúdo aqui abaixo:

 

:Processesexplorer.exe:Reg[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]"MessengerPlusLiveUninstall"=-[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef74fbb-8910-11dd-8a0a-000b230dc207}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef74fbc-8910-11dd-8a0a-000b230dc207}]:FilesC:\ComboFixC:\WINDOWS\system32\CF17749.exeC:\Arquivos de programas\Messenger Plus! LiveC:\Qoobox:Services:Commands[purity][emptytemp][start explorer][Reboot]

● Cole o que você copiou no programa (no espaço em branco da janela);

● Clique no botão MoveIt;

● Se aparecer uma mensagem para reiniciar o computador, reinicie-o;

● Na sua proxima resposta, copie e cole o todo o conteúdo que está em Results;

● Se o computador reiniciou, vá na pasta C:\_OTM\MovedFiles e abra o arquivo com a extensão .log presente dentro da pasta.

 

Copie e cole todo o conteúdo desse arquivo, juntamente com um novo log do RSIT.

 

OBS: Pode postar apenas o log.txt do RSIT. O info.txt não será necessário.

 

Como está o computador?

[keysha 0]

O computador está funcionando normalmente. O problema cid não voltou a aparecer. Está carregando bem rápido.

 

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\MessengerPlusLiveUninstall deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef74fbb-8910-11dd-8a0a-000b230dc207}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bef74fbb-8910-11dd-8a0a-000b230dc207}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef74fbc-8910-11dd-8a0a-000b230dc207}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bef74fbc-8910-11dd-8a0a-000b230dc207}\ not found.

========== FILES ==========

C:\ComboFix\N_ moved successfully.

C:\ComboFix moved successfully.

C:\WINDOWS\system32\CF17749.exe moved successfully.

C:\Arquivos de programas\Messenger Plus! Live\Languages moved successfully.

C:\Arquivos de programas\Messenger Plus! Live moved successfully.

C:\Qoobox\TestC moved successfully.

C:\Qoobox\Test moved successfully.

C:\Qoobox\Quarantine\Registry_backups moved successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.

C:\Qoobox\Quarantine\C\WINDOWS moved successfully.

C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 moved successfully.

C:\Qoobox\Quarantine\C\RECYCLER moved successfully.

C:\Qoobox\Quarantine\C moved successfully.

C:\Qoobox\Quarantine moved successfully.

C:\Qoobox\LastRun moved successfully.

C:\Qoobox\BackEnv moved successfully.

C:\Qoobox moved successfully.

========== SERVICES/DRIVERS ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrador.CASA

 

User: Administrador.CASA-394B976A04

->Temp folder emptied: 95766574 bytes

->Temporary Internet Files folder emptied: 1046892 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 72030812 bytes

 

User: All Users

 

User: All Users.WINDOWS

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService.AUTORIDADE NT

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService.AUTORIDADE NT.000

->Temp folder emptied: 65536 bytes

File delete failed. C:\Documents and Settings\LocalService.AUTORIDADE NT.000\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 281891 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.AUTORIDADE NT

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

 

User: NetworkService.AUTORIDADE NT.000

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService.AUTORIDADE NT.000\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

C:\WINDOWS\msdownld.tmp folder deleted successfully.

%systemroot% .tmp files removed: 2311201 bytes

%systemroot%\System32 .tmp files removed: 2969 bytes

Windows Temp folder emptied: 538034 bytes

RecycleBin emptied: 26994034 bytes

 

Total Files Cleaned = 189,98 mb

 

 

OTM by OldTimer - Version 3.0.0.4 log created on 07122009_055858

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

__________________________________________________________________

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrador at 2009-07-12 06:05:40

Microsoft Windows XP Professional Service Pack 2

System drive C: has 221 GB (92%) free of 238 GB

Total RAM: 768 MB (30% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 06:05:55, on 12/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\RSIT.exe

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\Administrador.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wlcreateid/

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246823069359

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6668 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-07-06 41368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-06 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-01-26 5529600]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-01-26 86016]

"WinampAgent"=C:\Arquivos de programas\Winamp\winampa.exe [2009-07-01 37888]

"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]

"tsnp325"=C:\WINDOWS\tsnp325.exe [2007-04-21 270336]

"snp325"=C:\WINDOWS\vsnp325.exe [2007-05-09 835584]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-07-06 148888]

"SpywareTerminator"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-06 2173440]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

"SpybotSD TeaTimer"=C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"SpywareTerminatorUpdate"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-07-06 3055616]

"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2009-06-25 2328712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-07-09 11952]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoResolveSearch"=

"NoPopUpsOnBoot"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-07-12 05:58:58 ----D---- C:\_OTM

2009-07-11 07:26:25 ----D---- C:\rsit

2009-07-09 19:46:53 ----A---- C:\lopR.txt

2009-07-09 19:46:25 ----D---- C:\Lop SD

2009-07-09 17:29:07 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Canneverbe_Limited

2009-07-09 11:01:30 ----N---- C:\WINDOWS\system32\spmsg2.dll

2009-07-09 11:01:23 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

2009-07-09 10:43:42 ----D---- C:\WINDOWS\system32\XPSViewer

2009-07-09 10:42:42 ----D---- C:\Arquivos de programas\MSBuild

2009-07-09 10:42:24 ----D---- C:\WINDOWS\system32\en-US

2009-07-09 10:41:05 ----D---- C:\Arquivos de programas\Reference Assemblies

2009-07-09 10:36:17 ----N---- C:\WINDOWS\system32\prntvpt.dll

2009-07-09 10:36:14 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2009-07-09 10:36:09 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2009-07-09 10:36:03 ----D---- C:\f82a25a783da382da6

2009-07-09 10:30:37 ----RSD---- C:\WINDOWS\assembly

2009-07-09 10:24:46 ----D---- C:\WINDOWS\Microsoft.NET

2009-07-09 10:17:51 ----D---- C:\Arquivos de programas\MSXML 6.0

2009-07-09 07:40:32 ----A---- C:\WINDOWS\NIRCMD.exe

2009-07-09 07:40:29 ----A---- C:\WINDOWS\PEV.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\zip.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\SWREG.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\sed.exe

2009-07-09 07:40:24 ----A---- C:\WINDOWS\grep.exe

2009-07-09 07:40:20 ----A---- C:\WINDOWS\SWSC.exe

2009-07-09 07:40:19 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-07-09 07:21:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files

2009-07-09 05:33:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avira

2009-07-09 05:33:56 ----D---- C:\Arquivos de programas\Avira

2009-07-09 05:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB943232$

2009-07-09 05:17:33 ----D---- C:\Arquivos de programas\Zone Labs

2009-07-09 05:16:37 ----D---- C:\WINDOWS\Internet Logs

2009-07-09 04:34:19 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2009-07-09 04:34:18 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2009-07-09 04:34:16 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2009-07-09 04:34:13 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

2009-07-09 04:34:12 ----A---- C:\WINDOWS\system32\XAudio2_4.dll

2009-07-09 04:34:09 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

2009-07-09 04:34:04 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll

2009-07-09 04:34:00 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2009-07-09 04:34:00 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2009-07-09 04:33:57 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2009-07-09 04:33:54 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2009-07-09 04:33:53 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2009-07-09 04:33:51 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2009-07-09 04:33:49 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2009-07-09 04:33:45 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2009-07-09 04:33:43 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2009-07-09 04:33:38 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2009-07-09 04:33:30 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2009-07-09 04:33:29 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2009-07-09 04:33:26 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2009-07-09 04:33:21 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2009-07-09 04:33:19 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2009-07-09 04:33:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2009-07-09 04:33:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2009-07-09 04:33:03 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2009-07-09 04:33:01 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2009-07-09 04:32:56 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2009-07-09 04:32:52 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2009-07-09 04:32:48 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2009-07-09 04:32:45 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2009-07-09 04:32:42 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2009-07-09 04:32:42 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2009-07-09 04:32:33 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2009-07-09 04:32:28 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2009-07-09 04:32:19 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2009-07-09 04:32:19 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2009-07-09 04:32:15 ----A---- C:\WINDOWS\system32\d3dx9_36.dll

2009-07-09 04:32:07 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2009-07-09 04:32:03 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2009-07-09 04:32:03 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2009-07-09 04:31:55 ----A---- C:\WINDOWS\system32\d3dx9_35.dll

2009-07-09 04:31:52 ----A---- C:\WINDOWS\system32\xactengine2_8.dll

2009-07-09 04:31:52 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll

2009-07-09 04:31:48 ----A---- C:\WINDOWS\system32\d3dx10_34.dll

2009-07-09 04:31:48 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll

2009-07-09 04:31:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll

2009-07-09 04:31:38 ----A---- C:\WINDOWS\system32\xinput1_3.dll

2009-07-09 04:31:34 ----A---- C:\WINDOWS\system32\xactengine2_7.dll

2009-07-09 04:31:26 ----A---- C:\WINDOWS\system32\d3dx10_33.dll

2009-07-09 04:31:25 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll

2009-07-09 04:31:21 ----A---- C:\WINDOWS\system32\d3dx9_33.dll

2009-07-09 04:31:16 ----A---- C:\WINDOWS\system32\xactengine2_6.dll

2009-07-09 04:31:08 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2009-07-09 04:31:05 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-07-09 04:31:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2009-07-09 04:31:01 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll

2009-07-09 04:30:59 ----A---- C:\WINDOWS\system32\d3dx9_31.dll

2009-07-09 04:30:56 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2009-07-09 04:30:54 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2009-07-09 04:30:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll

2009-07-09 04:30:49 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2009-07-09 04:30:46 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2009-07-09 04:30:44 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2009-07-09 04:30:41 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2009-07-09 04:30:41 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2009-07-09 04:30:38 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

2009-07-09 04:30:29 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2009-07-09 04:30:28 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2009-07-09 04:30:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll

2009-07-09 04:30:21 ----A---- C:\WINDOWS\system32\d3dx9_26.dll

2009-07-09 04:30:14 ----A---- C:\WINDOWS\system32\d3dx9_25.dll

2009-07-09 04:30:04 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

2009-07-09 04:21:35 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\IObit

2009-07-09 04:14:19 ----D---- C:\WINDOWS\Logs

2009-07-09 02:49:38 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2009-07-09 00:26:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\AVG Security Toolbar

2009-07-08 23:42:02 ----A---- C:\WINDOWS\system32\MSVCR71.dll

2009-07-08 23:42:02 ----A---- C:\WINDOWS\system32\MSVCP71.dll

2009-07-08 23:42:02 ----A---- C:\WINDOWS\system32\MFC71.dll

2009-07-08 23:38:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-07-08 23:38:03 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\AVGTOOLBAR

2009-07-08 23:37:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8

2009-07-07 22:59:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avanquest Software

2009-07-07 22:52:46 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt

2009-07-06 12:19:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Adobe

2009-07-06 11:57:41 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Spyware Terminator

2009-07-06 11:57:34 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator

2009-07-06 11:57:34 ----D---- C:\Arquivos de programas\Spyware Terminator

2009-07-06 11:57:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\javaws.exe

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\javaw.exe

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\java.exe

2009-07-06 11:05:08 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-07-06 11:02:46 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Sun

2009-07-06 10:34:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-07-06 10:33:02 ----A---- C:\WINDOWS\FixCamera.exe

2009-07-06 10:33:02 ----A---- C:\WINDOWS\amcap.exe

2009-07-06 10:32:59 ----A---- C:\WINDOWS\vsnp325.exe

2009-07-06 10:32:59 ----A---- C:\WINDOWS\tsnp325.exe

2009-07-06 10:32:59 ----A---- C:\WINDOWS\snp325.ini

2009-07-06 10:32:57 ----A---- C:\WINDOWS\system32\vsnp325.dll

2009-07-06 10:32:57 ----A---- C:\WINDOWS\system32\rsnp325.dll

2009-07-06 10:32:57 ----A---- C:\WINDOWS\system32\csnp325.dll

2009-07-06 10:32:50 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\InstallShield

2009-07-06 04:41:48 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\skypePM

2009-07-06 04:27:42 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Skype

2009-07-06 04:09:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Skype

2009-07-06 04:04:13 ----D---- C:\Arquivos de programas\uTorrent

2009-07-06 04:03:49 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\uTorrent

2009-07-05 23:59:43 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\WinRAR

2009-07-05 22:45:12 ----D---- C:\WINDOWS\RegisteredPackages

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\vxblock.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxwave.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxsfs.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxmas.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxinsa64.exe

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxhpinst.exe

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxdrv.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxcpya64.exe

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\pxafs.dll

2009-07-05 22:39:56 ----N---- C:\WINDOWS\system32\px.dll

2009-07-05 22:39:53 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Winamp

2009-07-05 17:21:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2009-07-05 17:21:21 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-07-05 17:05:25 ----A---- C:\WINDOWS\system32\wups2.dll

2009-07-05 17:05:25 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2009-07-05 17:05:25 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2009-07-05 17:05:24 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2009-07-05 14:43:43 ----D---- C:\WINDOWS\nview

2009-07-05 14:43:43 ----A---- C:\WINDOWS\system32\nvudisp.exe

2009-07-05 14:39:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Hewlett-Packard

2009-07-05 14:39:11 ----A---- C:\WINDOWS\system32\hpzll5ha.dll

2009-07-05 14:38:58 ----A---- C:\WINDOWS\system32\hpzids01.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hppldcoi.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hpowiax3.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hpovst10.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\hpotscl3.dll

2009-07-05 14:38:55 ----A---- C:\WINDOWS\system32\difxapi.dll

2009-07-05 13:55:52 ----A---- C:\WINDOWS\mixerdef.ini

2009-06-29 19:43:48 ----A---- C:\DBS.TXT

2009-06-29 19:31:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\BVRP Software

2009-06-29 19:31:10 ----D---- C:\Arquivos de programas\Motorola Phone Tools

2009-06-29 12:28:56 ----D---- C:\MP3

2009-06-28 01:01:20 ----A---- C:\WINDOWS\SchedLgU.Txt

 

======List of files/folders modified in the last 1 months======

 

2009-07-12 06:02:06 ----D---- C:\Arquivos de programas\Mozilla Firefox

2009-07-12 06:01:35 ----D---- C:\WINDOWS\Temp

2009-07-12 06:01:12 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-12 05:59:37 ----D---- C:\WINDOWS\system32

2009-07-12 05:59:37 ----D---- C:\WINDOWS

2009-07-12 05:59:10 ----RD---- C:\Arquivos de programas

2009-07-12 05:59:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-07-12 05:58:59 ----D---- C:\WINDOWS\Prefetch

2009-07-09 19:48:14 ----SD---- C:\WINDOWS\Tasks

2009-07-09 18:56:58 ----SD---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Microsoft

2009-07-09 18:56:57 ----D---- C:\WINDOWS\system32\drivers

2009-07-09 17:16:01 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft

2009-07-09 11:01:49 ----HD---- C:\WINDOWS\inf

2009-07-09 11:01:03 ----SHD---- C:\WINDOWS\Installer

2009-07-09 11:01:03 ----HD---- C:\Config.Msi

2009-07-09 10:58:29 ----D---- C:\WINDOWS\system32\pt-br

2009-07-09 10:55:05 ----D---- C:\WINDOWS\system32\mui

2009-07-09 10:42:05 ----RSD---- C:\WINDOWS\Fonts

2009-07-09 10:39:10 ----D---- C:\WINDOWS\system32\spool

2009-07-09 10:38:07 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-07-09 10:32:31 ----D---- C:\WINDOWS\WinSxS

2009-07-09 10:26:16 ----D---- C:\Arquivos de programas\Internet Explorer

2009-07-09 07:47:44 ----A---- C:\WINDOWS\system.ini

2009-07-09 07:46:35 ----SHD---- C:\RECYCLER

2009-07-09 07:44:37 ----D---- C:\WINDOWS\AppPatch

2009-07-09 07:44:32 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-07-09 04:50:17 ----D---- C:\WINDOWS\Minidump

2009-07-09 04:50:17 ----D---- C:\WINDOWS\Debug

2009-07-09 04:34:27 ----D---- C:\WINDOWS\system32\DirectX

2009-07-09 03:27:31 ----D---- C:\WINDOWS\system32\config

2009-07-08 22:20:52 ----D---- C:\WINDOWS\security

2009-07-08 15:19:03 ----D---- C:\Arquivos de programas\eMule

2009-07-06 12:34:57 ----D---- C:\Documents and Settings\Administrador.CASA-394B976A04\Dados de aplicativos\Adobe

2009-07-06 12:21:38 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2009-07-06 12:17:04 ----D---- C:\Arquivos de programas\Adobe

2009-07-06 12:00:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-07-06 11:04:50 ----D---- C:\Arquivos de programas\Java

2009-07-06 10:45:31 ----D---- C:\WINDOWS\system

2009-07-06 10:35:37 ----A---- C:\WINDOWS\win.ini

2009-07-06 10:32:59 ----D---- C:\Arquivos de programas\Arquivos comuns\snp325

2009-07-06 10:07:00 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2009-07-06 04:10:19 ----RD---- C:\Arquivos de programas\Skype

2009-07-06 04:09:37 ----D---- C:\Arquivos de programas\Arquivos comuns\Skype

2009-07-05 23:59:24 ----D---- C:\Arquivos de programas\WinRAR

2009-07-05 22:52:42 ----D---- C:\Arquivos de programas\Winamp

2009-07-05 17:42:43 ----D---- C:\WINDOWS\Help

2009-07-05 17:21:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2009-07-05 17:05:29 ----D---- C:\WINDOWS\SoftwareDistribution

2009-07-05 16:47:22 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-07-05 14:52:57 ----D---- C:\Documents and Settings

2009-07-05 14:40:01 ----D---- C:\WINDOWS\twain_32

2009-07-05 14:39:01 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-29 14:22:11 ----D---- C:\Program Files

2009-06-28 01:03:21 ----SHD---- C:\WINDOWS\CSC

2009-06-24 00:50:51 ----D---- C:\Arquivos de programas\MSECache

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys []

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-09 335752]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-09 27784]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-08 108552]

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-01-29 370382]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-07 10343168]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-01-26 3407424]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2009-06-29 22768]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-07-06 152984]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2009-07-06 487424]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-01-26 127042]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[MGuitar 11]

Execute o HijackThis. Clique em Do a system scan only, marque as entradas abaixo no log e clique no botão Fix checked:

 

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

Clique em Sim na mensagem e feche o programa.

 

 

- Faça o download do ToolsCleaner2 e salve no desktop;

 

- Feche todas as janelas abertas e dê um duplo clique no ícone do programa para executá-lo:

- Clique no botão Recherche para iniciar o scan e aguarde:

- Quando o scan terminar, será apresentado os itens que serão removidos;

- Clique no botão Supression para remover os itens encontrados e depois clique em Quitter para que o programa se feche e o log será gerado;

- O log estará em C:\TCleaner.txt.

 

Cole este log em sua próxima resposta.

 

O log está limpo.

 

Algum problema na máquina ainda?

[keysha 0]

[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

 

--> Recherche:

 

C:\lopR.txt: trouvé !

C:\Lop SD: trouvé !

C:\_OTM: trouvé !

C:\Rsit: trouvé !

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\LopSD.exe: trouvé !

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\OTM.exe: trouvé !

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\HijackThis.exe: trouvé !

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\Rsit.exe: trouvé !

C:\_OTM\MovedFiles\07122009_055858\Combofix: trouvé !

C:\_OTM\MovedFiles\07122009_055858\Qoobox: trouvé !

C:\_OTM\MovedFiles\07122009_055858\ComboFix\Combofix.txt: trouvé !

 

---------------------------------

--> Suppression:

 

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\LopSD.exe: supprimé !

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\OTM.exe: supprimé !

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\HijackThis.exe: supprimé !

C:\lopR.txt: supprimé !

C:\Documents and Settings\Administrador.CASA-394B976A04\Desktop\Rsit.exe: supprimé !

C:\_OTM\MovedFiles\07122009_055858\ComboFix\Combofix.txt: supprimé !

C:\Lop SD: supprimé !

C:\_OTM: supprimé !

C:\Rsit: supprimé !

 

Nenhum problema! Muito obrigada!

[MGuitar 11]

Delete a ferramenta ToolsCleaner2 e seu log C:\TCleaner.txt.

 

Seu sistema está completamente desatualizado, isso deixa o computador mais vulnerável à infecções.

 

Recomendo que baixe e instale o '>http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=pt-br"]Service Pack 3 e o '>http://www.microsoft.com/downloads/details.aspx?FamilyID=341c2ad5-8c3d-4347-8c03-08cdecd8852b&displaylang=pt-br"]Internet Explorer 8.

 

Após isto, acesse o '>http://update.microsoft.com/."]Windows Update e baixe as últimas atualizações críticas da Microsoft lançadas ontem (terça-feira).

 

Há algo em que eu possa ajudá-la ainda?

[keysha 0]

Consegui baixar as últimas atualizações por links diretos.

 

Os demais problemas aqui do pc creio que só eu poderei resolver em algum tempo.

 

O pc tem iniciado no setup, acho que uma nova bateria pra placa mãe resolverá isso.

 

E minha placa de vídeo parece estar com defeito. A tela apagava do nada, mas sem parar de executar os programas, o problema acabou quando desabilitei o driver de vídeo. Claro que está deixando a desejar em alguns efeitos gráficos e resolução, mas como não sou adepta de jogos nem nada do gênero, posso aguandar mais um tempo sem uma placa nova. Se tiver alguma outra sugestão sobre o que possa ser o problema, toda ajuda é bem-vinda!

 

Agora o pc da minha irmã está tendo problemas de pop-ups semelhantes, mas no dela abrem janelas no firefox (ela não tem instalado o IE) e esses sites são em japonês ou alguma outra lingua que desconheço. Devo criar novo tópico?

 

Muito obrigada por toda ajuda!

[MGuitar 11]

O pc tem iniciado no setup, acho que uma nova bateria pra placa mãe resolverá isso.

 

E minha placa de vídeo parece estar com defeito. A tela apagava do nada, mas sem parar de executar os programas, o problema acabou quando desabilitei o driver de vídeo. Claro que está deixando a desejar em alguns efeitos gráficos e resolução, mas como não sou adepta de jogos nem nada do gênero, posso aguandar mais um tempo sem uma placa nova. Se tiver alguma outra sugestão sobre o que possa ser o problema, toda ajuda é bem-vinda!

O problema com certeza está relacionado a hardware. Recomendo que abra um tópico relatando este problema na área de hardware aqui do fórum:

 

http://forum.imasters.com.br/index.php?/forum/35-hardware-geral/

 

Agora o pc da minha irmã está tendo problemas de pop-ups semelhantes, mas no dela abrem janelas no firefox (ela não tem instalado o IE) e esses sites são em japonês ou alguma outra lingua que desconheço. Devo criar novo tópico?

Pode postar um log do HijackThis do PC de sua irmã aqui mesmo neste tópico, não há necessidade de abrir outro.

[keysha 0]

Obrigada! Andei mesmo dando uma olhada no restante do fórum, vou aproveitar e tirar umas dúvidas sobre meu celular. A seguir o log do pc da minha sister:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:46:38, on 17/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\XP-08529226.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\lotus\register\remind32.exe

C:\Arquivos de programas\Microsoft Office\Office10\msoffice.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\HX-DBE0B.EXE

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\Administrador\Meus documentos\Winamp\winampa.exe"

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [XP-08529226] C:\WINDOWS\system32\XP-08529226.EXE

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Startup: Registro do Lotus SmartSuite Release 9.lnk = C:\lotus\register\remind32.exe

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-08529226.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 7011 bytes

[MGuitar 11]

Vá em Painel de Controle > Adicionar ou Remover Programas. Veja se o componente abaixo consta na lista e desinstale-o:

 

Crawler

 

DICA: Sempre que for instalar o anti-spyware Spyware Terminator, não aceite a instalação da toolbar Crawler. Pois não é uma toolbar segura de se ter instalada no sistema.

 

 

- Faça o download do '>http://download.bleepingcomputer.com/sUBs/ComboFix.exe"]ComboFix e salve-o na área de trabalho;

 

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;

● Duplo clique no ícone combofix.exe para iniciar o scan;

● Leia o contrato que aparecerá e clique em Sim para continuar;

● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;

● Aguarde enquanto o ComboFix faz o scan;

● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;

● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;

● Se quiser sair ou parar o ComboFix, tecle N;

● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;

● Será gerado um log em C:\ComboFix.txt.

 

Cole este log em sua próxima resposta.

[keysha 0]

Analista MGuitar, obrigada por tudo! Não precisaremos continuar com esse tópico, pois minha irmã decidiu que não precisa da nossa ajuda! Ela acha que a simples varredura do anti-virus dela (que já encontrou umas dezenas de infecções) resolverá tudo.

 

Acho que este tópico pode ser encerrado!

Muito obrigada!

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.