junior_pr

PC Problems - Help!

Hey guys, how's it going? I need some help: my PC is wrecked, it's slow, and pop-ups keep opening all the time. I'm posting the HijackThis log for you to take a look at. Thanks in advance for the help!

Scan saved at 11:43:46, on 6/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wln.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7597daa3-753b-4526-996f-a9319713bcb9} - C:\WINDOWS\system32\dfsgon.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp4.tmp.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\qopqnl.dll",forkonce

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\instem.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\instem.dll (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F97D805-C518-4595-B3EA-3CBD0F89EBCD}: NameServer = 201.33.224.2,201.33.224.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C24AAAF-0756-4C62-93B5-4BCC6B31398E}: NameServer = 201.33.224.2,201.33.224.3

O20 - AppInit_DLLs: c:\windows\system32\pmnnooo.dll

O20 - Winlogon Notify: dfsgon - C:\WINDOWS\SYSTEM32\dfsgon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

junior_pr, welcome to the Clube do Hardware forum.

@- Download ComboFix;

- Copy the instructions into Notepad or print them!

:: Disable/close your antivirus before carrying out the procedures below ::

@- Close all open windows and run the ComboFix tool.

  • Type the option to continue and press <ENTER>.
  • Do not open or close any program until the scan finishes. Wait patiently...

- If necessary, the program will restart your computer. Restart in normal mode...

- Log saved at: C:\ComboFix.txt

@- Post the Hijack (updated) and ComboFix.txt logs, pasting them one after the other.

Mr. Coruj@

  • Thread author
  • So I ran ComboFix as you asked; here are the ComboFix and HijackThis logs:

    ComboFix 07-08-04.3 - "Pedro" 2007-08-06 14:44:55.1 [GMT -3:00] - NTFS

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\Pedro\DADOSD~1\tmp1A.tmp.exe

    C:\DOCUME~1\Pedro\DADOSD~1\tmp1C.tmp.exe

    C:\DOCUME~1\Pedro\DADOSD~1\tmp4.tmp.exe

    C:\DOCUME~1\Pedro\DADOSD~1\tmp5.tmp.exe

    C:\WINDOWS\regedit.com

    C:\WINDOWS\services.dll

    C:\WINDOWS\system32\dfsgon.dll

    C:\WINDOWS\system32\dnc454108f.dat

    C:\WINDOWS\system32\mljge.exe

    C:\WINDOWS\system32\mllmm.exe

    C:\WINDOWS\system32\taskmgr.com

    C:\WINDOWS\system32\tmp4.tmp.dll

    ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))

    2007-08-06 14:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-06 10:54 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2007-08-06 10:31 92,687 --a------ C:\WINDOWS\system32\msddrv.dll.vir

    2007-08-06 10:13 <DIR> d-------- C:\VundoFix Backups

    2007-08-05 20:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Lavasoft

    2007-08-05 19:51 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

    2007-08-05 19:35 131,433 --a------ C:\WINDOWS\qopqnl.dll

    2007-08-05 13:37 92,730 --a------ C:\WINDOWS\system32\instem.dll.vir

    2007-08-05 13:37 13,380 --a------ C:\WINDOWS\system32\pmnnooo.dll

    2007-08-05 13:27 <DIR> d-------- C:\WINDOWS\Icon Pack

    2007-08-05 12:56 25,664 --a------ C:\WINDOWS\system32\6cvty7Vo.exe

    2007-07-29 17:32 <DIR> d-------- C:\WINDOWS\CSC

    2007-07-29 17:24 <DIR> d--h----- C:\WINDOWS\PIF

    2007-07-28 17:03 8,876,032 --------- C:\WINDOWS\system32\FocusMag.dll

    2007-07-28 17:03 109,056 --a------ C:\WINDOWS\system32\ESFinish.exe

    2007-07-28 17:03 <DIR> d-------- C:\Program Files

    2007-07-27 18:17 <DIR> d-------- C:\Arquivos de programas\Valve

    2007-07-26 20:20 10 --a------ C:\WINDOWS\popcinfo.dat

    2007-07-26 20:19 724,992 --a------ C:\WINDOWS\iun6002.exe

    2007-07-26 20:19 <DIR> d-------- C:\Arquivos de programas\Zuma Deluxe!

    2007-07-24 21:49 <DIR> d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-18 20:47 <DIR> d-------- C:\Arquivos de programas\Activision

    2007-07-18 18:57 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

    2007-07-18 15:34 61,440 -ra------ C:\WINDOWS\system32\vuins32.dll

    2007-07-18 15:34 43,008 -ra------ C:\WINDOWS\system32\drivers\dlkfet5b.sys

    2007-07-09 13:26 <DIR> d-------- C:\DOCUME~1\Pedro\DADOSD~1\Help

    2007-07-09 08:16 150 --ahs---- C:\WINDOWS\system32\3293843599.dat

    2007-07-07 13:32 6,029,312 --a------ C:\DOCUME~1\Pedro\ntuser.dat

    2007-07-07 13:31 229,376 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-06 14:48 81920 --a------ C:\WINDOWS\system32\sstqo.exe

    2007-07-28 17:30 --------- d-------- C:\Arquivos de programas\World of Warcraft

    2007-07-27 15:07 --------- d-------- C:\Arquivos de programas\Desafio Sebrae 2007

    2007-07-20 16:31 --------- d-------- C:\Arquivos de programas\eMule

    2007-07-05 19:33 --------- d-------- C:\Arquivos de programas\Snes.net

    2007-06-30 22:41 --------- d-------- C:\DOCUME~1\Pedro\DADOSD~1\ParentalControl

    2007-06-30 16:45 --------- d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools

    2007-06-22 20:31 --------- d-------- C:\Arquivos de programas\Tomb Raider - Anniversary

    2007-06-18 11:11 --------- dr-h----- C:\DOCUME~1\Pedro\DADOSD~1\SecuROM

    2007-06-12 06:02 376832 --a------ C:\WINDOWS\winb.exe

    2007-06-02 13:06 56 -r-hs---- C:\WINDOWS\system32\C5A761B388.sys

    2007-06-02 13:06 10022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

    2007-05-30 17:42 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

    2007-05-19 17:21 49586 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-05-19 17:21 347294 --a------ C:\WINDOWS\system32\perfh016.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-05-14 12:11]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-29 17:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

    "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

    C:\Documents and Settings\Pedro\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-29 17:09:16]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-29 17:09:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableClock"=0 (0x0)

    "NoDispCPL"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoSaveSettings"=0 (0x0)

    "NoMultiIE"=0 (0x0)

    "LWA"=0 (0x0)

    "LWB"=0 (0x0)

    "LWC"=0 (0x0)

    "LWD"=0 (0x0)

    "LWE"=0 (0x0)

    "LWF"=0 (0x0)

    "LWG"=0 (0x0)

    "LWH"=0 (0x0)

    "LWI"=0 (0x0)

    "LWJ"=0 (0x0)

    "LWK"=0 (0x0)

    "LWL"=0 (0x0)

    "LWM"=0 (0x0)

    "LWN"=0 (0x0)

    "LWO"=0 (0x0)

    "LWP"=0 (0x0)

    "LWQ"=0 (0x0)

    "LWR"=0 (0x0)

    "LWS"=0 (0x0)

    "LWT"=0 (0x0)

    "LWU"=0 (0x0)

    "LWV"=0 (0x0)

    "LWW"=0 (0x0)

    "LWX"=0 (0x0)

    "LWY"=0 (0x0)

    "LWZ"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "appinit_dlls"=c:\windows\system32\pmnnooo.dll

    R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys

    R2 nhksrv;Netropa NHK Server;C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    R3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys

    R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys

    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

    S3 LimitsPM;Limits Process Monitor;\??\C:\WINDOWS\TEMP\TMP19.tmp

    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys

    Contents of the 'Scheduled Tasks' folder

    2007-07-20 03:00:00 C:\WINDOWS\Tasks\At1.job

    2007-07-22 12:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-06 13:00:00 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-06 14:00:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-06 15:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-06 16:00:00 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 17:00:00 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 18:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-04 19:00:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-04 20:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-04 21:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-07-22 04:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-04 22:00:00 C:\WINDOWS\Tasks\At20.job

    2007-08-05 23:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 00:00:00 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-06 01:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-06 02:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-06 13:01:43 C:\WINDOWS\Tasks\At35.job

    2007-08-06 14:01:49 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-06 15:01:00 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-06 16:01:03 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 17:01:01 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At4.job

    2007-08-05 18:02:56 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 23:01:54 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-06 01:01:46 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-06 02:01:00 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 11:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\3UuXA5yd.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-06 14:48:35

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\sstqo.exe

    C:\WINDOWS\system32\dnc454108f.dat

    scan completed successfully

    hidden files: 2

    **************************************************************************

    Completion time: 2007-08-06 14:49:50 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 2007-08-06 14:49

    --- E O F ---

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:56:15, on 6/8/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\RunDll32.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wln.com.br/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {6c74b159-64ea-43d8-b1f6-f7984378f367} - C:\WINDOWS\system32\cat594.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cat594.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\cat594.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F97D805-C518-4595-B3EA-3CBD0F89EBCD}: NameServer = 201.33.224.2,201.33.224.3

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4C24AAAF-0756-4C62-93B5-4BCC6B31398E}: NameServer = 201.33.224.2,201.33.224.3

    O20 - AppInit_DLLs: c:\windows\system32\pmnnooo.dll

    O20 - Winlogon Notify: cat594 - C:\WINDOWS\SYSTEM32\cat594.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

    --

    End of file - 5210 bytes


    junior_pr,

    - Download Findlop;

    - Run the findlop.bat tool and wait for the log to be created.

    - Post the Findlop log (...:\findlop.txt), pasting it in your reply.

    Mr. Coruj@

  • Thread author
  • Mr. Coruj@,

    Here is the FindLop.bat log:

    [TRACE] Enumerating jobs and queues

    [TRACE] Activating job 'At1.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 0:00:00

    StartError: 0x80070002

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 00:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At10.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 9:00:00

    StartError: 0x80070002

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 09:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At11.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 10:00:00

    StartError: 0x80070002

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 10:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At12.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 06/30/2007 11:00:00

    NextRun: 08/07/2007 11:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 11:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At13.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 12:00:00

    NextRun: 08/07/2007 12:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 12:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At14.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 13:00:00

    NextRun: 08/07/2007 13:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 13:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At15.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/01/2007 14:00:00

    NextRun: 08/07/2007 14:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 14:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At16.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 15:00:00

    NextRun: 08/07/2007 15:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 15:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At17.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/04/2007 16:00:00

    NextRun: 08/06/2007 16:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 16:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At18.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 17:00:00

    NextRun: 08/06/2007 17:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 17:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At19.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 18:00:00

    NextRun: 08/06/2007 18:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 18:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At2.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/01/2007 1:00:00

    NextRun: 08/07/2007 1:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 01:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At20.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/01/2007 19:00:00

    NextRun: 08/06/2007 19:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 19:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At21.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 20:00:00

    NextRun: 08/06/2007 20:00:00

    StartError: 0x80070002

    ExitCode: 0

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 20:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At22.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 21:00:00

    NextRun: 08/06/2007 21:00:00

    StartError: 0x80070002

    ExitCode: 0

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 21:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At23.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 22:00:00

    NextRun: 08/06/2007 22:00:00

    StartError: 0x80070002

    ExitCode: 0

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 22:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At24.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/05/2007 23:00:00

    NextRun: 08/06/2007 23:00:00

    StartError: 0x80070002

    ExitCode: 0

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 23:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At25.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 0:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 00:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At26.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 1:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 01:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At27.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 2:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 02:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At28.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 3:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 03:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At29.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 4:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 04:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At3.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 2:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 02:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At30.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 5:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 05:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At31.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 6:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 06:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At32.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 7:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 07:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At33.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 8:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 08:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At34.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 9:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 09:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At35.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/06/2007 10:00:01

    NextRun: 08/07/2007 10:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 10:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At36.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/06/2007 11:00:00

    NextRun: 08/07/2007 11:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 11:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At37.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/06/2007 12:00:00

    NextRun: 08/07/2007 12:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 12:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At38.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/06/2007 13:00:00

    NextRun: 08/07/2007 13:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 13:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At39.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/05/2007 14:00:00

    NextRun: 08/07/2007 14:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 14:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At4.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 3:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 03:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At40.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/06/2007 15:00:00

    NextRun: 08/07/2007 15:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 15:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At41.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/06/2007 16:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 16:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At42.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/06/2007 17:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 17:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At43.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/06/2007 18:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 18:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At44.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/06/2007 19:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 19:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At45.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/05/2007 20:00:00

    NextRun: 08/06/2007 20:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 20:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At46.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/06/2007 21:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 21:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At47.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/05/2007 22:00:00

    NextRun: 08/06/2007 22:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 22:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At48.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\6cvty7Vo.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 08/05/2007 23:00:00

    NextRun: 08/06/2007 23:00:00

    StartError: S_OK

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 08/05/2007

    EndDate: 00/00/0000

    StartTime: 23:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At5.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 4:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 04:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At6.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 5:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 05:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At7.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 6:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 06:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At8.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 08/07/2007 7:00:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_HAS_NOT_RUN

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 07:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'At9.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\WINDOWS\system32\3UuXA5yd.exe'

    Parameters: ''

    WorkingDirectory: ''

    Comment: 'Criado por NetScheduleJobAdd.'

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 07/01/2007 8:00:00

    NextRun: 08/07/2007 8:00:00

    StartError: 0x80070002

    ExitCode: 0x1

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    [WARN ] Unrecognized bits = 200000

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: UMTWRFA

    StartDate: 06/29/2007

    EndDate: 00/00/0000

    StartTime: 08:00

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0


    Hey friend, sorry for the delay. Could you update the logs? Just run the programs again (ComboFix and HijackThis) and generate the logs, ok?

    Best regards,

  • Topic author
  • Hey friend, sorry for the delay. Could you update the logs? Just run the programs again (ComboFix and HijackThis) and generate the logs, ok?

    Best regards,

    Don't even worry about the delay. In the meantime I ended up running a few antivirus programs, and I think it cleaned something up, because before a lot of pop-ups from WinAntivirus 2006 and the like kept opening and now they have stopped, but I still suspect there may be something left on my PC. The requested logs follow below. Thanks for the help!!!!!

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:13:29, on 10/8/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wln.com.br/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F97D805-C518-4595-B3EA-3CBD0F89EBCD}: NameServer = 201.33.224.2,201.33.224.3

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4C24AAAF-0756-4C62-93B5-4BCC6B31398E}: NameServer = 201.33.224.2,201.33.224.3

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    --

    End of file - 4729 bytes

    ComboFix

    ComboFix 07-08-09.3 - "Pedro" 2007-08-10 12:07:43.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.288 [GMT -3:00]

    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\effday.dll

    C:\WINDOWS\lnqpoq.ini

    C:\WINDOWS\qopqnl.dll

    C:\WINDOWS\system32\sstqo.exe

    C:\WINDOWS\yadffe.ini

    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))

    2007-08-09 14:41 126,264 --a------ C:\DOCUME~1\ALLUSE~1\DADOSD~1\firstlsp.reg.dat

    2007-08-09 13:44 <DIR> d-------- C:\Arquivos de programas\CCleaner

    2007-08-08 16:28 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

    2007-08-08 14:56 <DIR> d-------- C:\DOCUME~1\Pedro\DADOSD~1\WinPatrol

    2007-08-08 11:43 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

    2007-08-06 14:49 18 --a------ C:\WINDOWS\system32\dnc454108f.dat

    2007-08-06 14:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-06 10:54 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2007-08-06 10:31 92,687 --a------ C:\WINDOWS\system32\msddrv.dll.vir

    2007-08-05 20:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Lavasoft

    2007-08-05 19:51 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

    2007-08-05 13:37 92,730 --a------ C:\WINDOWS\system32\instem.dll.vir

    2007-07-29 17:32 <DIR> d-------- C:\WINDOWS\CSC

    2007-07-29 17:24 <DIR> d--h----- C:\WINDOWS\PIF

    2007-07-28 17:03 8,876,032 --------- C:\WINDOWS\system32\FocusMag.dll

    2007-07-28 17:03 109,056 --a------ C:\WINDOWS\system32\ESFinish.exe

    2007-07-28 17:03 <DIR> d-------- C:\Program Files

    2007-07-27 18:17 <DIR> d-------- C:\Arquivos de programas\Valve

    2007-07-26 20:20 10 --a------ C:\WINDOWS\popcinfo.dat

    2007-07-26 20:19 724,992 --a------ C:\WINDOWS\iun6002.exe

    2007-07-26 20:19 <DIR> d-------- C:\Arquivos de programas\Zuma Deluxe!

    2007-07-24 21:49 <DIR> d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-18 20:47 <DIR> d-------- C:\Arquivos de programas\Activision

    2007-07-18 18:57 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

    2007-07-18 15:34 61,440 -ra------ C:\WINDOWS\system32\vuins32.dll

    2007-07-18 15:34 43,008 -ra------ C:\WINDOWS\system32\drivers\dlkfet5b.sys

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-08 11:19 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

    2007-08-08 10:58 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

    2007-07-28 17:30 --------- d-------- C:\Arquivos de programas\World of Warcraft

    2007-07-27 15:07 --------- d-------- C:\Arquivos de programas\Desafio Sebrae 2007

    2007-07-20 16:31 --------- d-------- C:\Arquivos de programas\eMule

    2007-07-09 13:26 --------- d-------- C:\DOCUME~1\Pedro\DADOSD~1\Help

    2007-07-09 11:32 150 --ahs---- C:\WINDOWS\system32\3293843599.dat

    2007-07-05 19:33 --------- d-------- C:\Arquivos de programas\Snes.net

    2007-06-30 22:41 --------- d-------- C:\DOCUME~1\Pedro\DADOSD~1\ParentalControl

    2007-06-30 16:45 --------- d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools

    2007-06-22 20:31 --------- d-------- C:\Arquivos de programas\Tomb Raider - Anniversary

    2007-06-18 11:11 --------- dr-h----- C:\DOCUME~1\Pedro\DADOSD~1\SecuROM

    2007-06-12 06:02 376832 --a------ C:\WINDOWS\winb.exe

    2007-06-02 13:06 56 -r-hs---- C:\WINDOWS\system32\C5A761B388.sys

    2007-06-02 13:06 10022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

    2007-05-30 17:42 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

    2007-05-19 17:21 49586 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-05-19 17:21 347294 --a------ C:\WINDOWS\system32\perfh016.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-05-14 12:11]

    "!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-08 16:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

    "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    C:\Documents and Settings\Pedro\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-29 17:09:16]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-29 17:09:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableClock"=0 (0x0)

    "NoDispCPL"=0 (0x0)

    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoSaveSettings"=0 (0x0)

    "NoMultiIE"=0 (0x0)

    "LWA"=0 (0x0)

    "LWB"=0 (0x0)

    "LWC"=0 (0x0)

    "LWD"=0 (0x0)

    "LWE"=0 (0x0)

    "LWF"=0 (0x0)

    "LWG"=0 (0x0)

    "LWH"=0 (0x0)

    "LWI"=0 (0x0)

    "LWJ"=0 (0x0)

    "LWK"=0 (0x0)

    "LWL"=0 (0x0)

    "LWM"=0 (0x0)

    "LWN"=0 (0x0)

    "LWO"=0 (0x0)

    "LWP"=0 (0x0)

    "LWQ"=0 (0x0)

    "LWR"=0 (0x0)

    "LWS"=0 (0x0)

    "LWT"=0 (0x0)

    "LWU"=0 (0x0)

    "LWV"=0 (0x0)

    "LWW"=0 (0x0)

    "LWX"=0 (0x0)

    "LWY"=0 (0x0)

    "LWZ"=0 (0x0)

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys

    R2 nhksrv;Netropa NHK Server;C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    R3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys

    R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys

    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys

    Contents of the 'Scheduled Tasks' folder

    2007-08-07 03:00:00 C:\WINDOWS\Tasks\At1.job

    2007-07-22 12:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-08 13:00:00 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-10 14:00:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-10 15:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 16:00:00 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 17:00:00 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 18:00:07 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 19:00:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 20:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 21:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-07-22 04:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 22:00:00 C:\WINDOWS\Tasks\At20.job

    2007-08-09 23:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-10 00:00:00 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-09 01:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-10 02:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-07 03:01:01 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-05 15:56:41 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-08 13:01:49 C:\WINDOWS\Tasks\At35.job

    2007-08-10 14:00:00 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-10 15:00:00 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 16:01:48 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 17:01:45 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At4.job

    2007-08-09 18:00:07 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 19:00:00 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 20:00:00 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 21:00:01 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 22:00:00 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 23:00:00 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-10 00:00:00 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-09 01:01:00 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-08-10 02:00:00 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\6cvty7Vo.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-06-29 14:34:45 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\3UuXA5yd.exe

    2007-08-05 11:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\3UuXA5yd.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-10 12:10:44

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 12:11:50 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 2007-08-10 12:11

    --- E O F ---


    junior_pr,

    @- Download the program(s) listed below, but do not run them yet.

    - Copy these instructions to Notepad or print them!

    @- Unzip and run the avenger.exe tool. Confirm: OK.

    • Among the options under "Script file to execute", select "Input Script Manually".
    • Click the magnifying-glass icon.
    • Copy (Ctrl+C) the contents (in red) of the "Code" box below and paste them (Ctrl+V) into "View/edit script".
      Files to delete:
      C:\WINDOWS\Tasks\At1.job
      C:\WINDOWS\Tasks\At10.job
      C:\WINDOWS\Tasks\At11.job
      C:\WINDOWS\Tasks\At12.job
      C:\WINDOWS\Tasks\At13.job
      C:\WINDOWS\Tasks\At14.job
      C:\WINDOWS\Tasks\At15.job
      C:\WINDOWS\Tasks\At16.job
      C:\WINDOWS\Tasks\At17.job
      C:\WINDOWS\Tasks\At18.job
      C:\WINDOWS\Tasks\At19.job
      C:\WINDOWS\Tasks\At2.job
      C:\WINDOWS\Tasks\At20.job
      C:\WINDOWS\Tasks\At21.job
      C:\WINDOWS\Tasks\At22.job
      C:\WINDOWS\Tasks\At23.job
      C:\WINDOWS\Tasks\At24.job
      C:\WINDOWS\Tasks\At25.job
      C:\WINDOWS\Tasks\At26.job
      C:\WINDOWS\Tasks\At27.job
      C:\WINDOWS\Tasks\At28.job
      C:\WINDOWS\Tasks\At29.job
      C:\WINDOWS\Tasks\At3.job
      C:\WINDOWS\Tasks\At30.job
      C:\WINDOWS\Tasks\At31.job
      C:\WINDOWS\Tasks\At32.job
      C:\WINDOWS\Tasks\At33.job
      C:\WINDOWS\Tasks\At34.job
      C:\WINDOWS\Tasks\At35.job
      C:\WINDOWS\Tasks\At36.job
      C:\WINDOWS\Tasks\At37.job
      C:\WINDOWS\Tasks\At38.job
      C:\WINDOWS\Tasks\At39.job
      C:\WINDOWS\Tasks\At4.job
      C:\WINDOWS\Tasks\At40.job
      C:\WINDOWS\Tasks\At41.job
      C:\WINDOWS\Tasks\At42.job
      C:\WINDOWS\Tasks\At43.job
      C:\WINDOWS\Tasks\At44.job
      C:\WINDOWS\Tasks\At45.job
      C:\WINDOWS\Tasks\At46.job
      C:\WINDOWS\Tasks\At47.job
      C:\WINDOWS\Tasks\At48.job
      C:\WINDOWS\Tasks\At5.job
      C:\WINDOWS\Tasks\At6.job
      C:\WINDOWS\Tasks\At7.job
      C:\WINDOWS\Tasks\At8.job
      C:\WINDOWS\Tasks\At9.job
      C:\WINDOWS\system32\3UuXA5yd.exe
      C:\WINDOWS\system32\6cvty7Vo.exe
      C:\WINDOWS\system32\dnc454108f.dat
      c:\windows\system32\pmnnooo.dll
      C:\WINDOWS\SYSTEM32\cat594.dll
      C:\WINDOWS\iun6002.exe

    • Click "Done".
    • Click the traffic-light icon to start the removal script. Confirm: OK.

    - The computer will restart automatically. Restart straight into normal mode, OK?

    - Log saved at: C:\avenger.txt

    @- Restart in normal mode.

    @- Check whether the problem persists, then copy the logs from Hijack (updated) and Avenger.txt and paste them in your next reply.

    Mr. Coruj@

  • Topic author
  • Mr. Coruj@

    I carried out the procedure you asked for, and I think the computer is fine now. Thank you very much for your help; the requested logs follow below.

    Cheers!

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:49:54, on 12/8/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\internet explorer\iexplore.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wln.com.br/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F97D805-C518-4595-B3EA-3CBD0F89EBCD}: NameServer = 201.33.224.2,201.33.224.3

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4C24AAAF-0756-4C62-93B5-4BCC6B31398E}: NameServer = 201.33.224.2,201.33.224.3

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    Avenger

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\sjbqjevn

    *******************

    Script file located at: \??\C:\Documents and Settings\psudmxm^.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\Tasks\At1.job deleted successfully.

    File C:\WINDOWS\Tasks\At10.job deleted successfully.

    File C:\WINDOWS\Tasks\At11.job deleted successfully.

    File C:\WINDOWS\Tasks\At12.job deleted successfully.

    File C:\WINDOWS\Tasks\At13.job deleted successfully.

    File C:\WINDOWS\Tasks\At14.job deleted successfully.

    File C:\WINDOWS\Tasks\At15.job deleted successfully.

    File C:\WINDOWS\Tasks\At16.job deleted successfully.

    File C:\WINDOWS\Tasks\At17.job deleted successfully.

    File C:\WINDOWS\Tasks\At18.job deleted successfully.

    File C:\WINDOWS\Tasks\At19.job deleted successfully.

    File C:\WINDOWS\Tasks\At2.job deleted successfully.

    File C:\WINDOWS\Tasks\At20.job deleted successfully.

    File C:\WINDOWS\Tasks\At21.job deleted successfully.

    File C:\WINDOWS\Tasks\At22.job deleted successfully.

    File C:\WINDOWS\Tasks\At23.job deleted successfully.

    File C:\WINDOWS\Tasks\At24.job deleted successfully.

    File C:\WINDOWS\Tasks\At25.job deleted successfully.

    File C:\WINDOWS\Tasks\At26.job deleted successfully.

    File C:\WINDOWS\Tasks\At27.job deleted successfully.

    File C:\WINDOWS\Tasks\At28.job deleted successfully.

    File C:\WINDOWS\Tasks\At29.job deleted successfully.

    File C:\WINDOWS\Tasks\At3.job deleted successfully.

    File C:\WINDOWS\Tasks\At30.job deleted successfully.

    File C:\WINDOWS\Tasks\At31.job deleted successfully.

    File C:\WINDOWS\Tasks\At32.job deleted successfully.

    File C:\WINDOWS\Tasks\At33.job deleted successfully.

    File C:\WINDOWS\Tasks\At34.job deleted successfully.

    File C:\WINDOWS\Tasks\At35.job deleted successfully.

    File C:\WINDOWS\Tasks\At36.job deleted successfully.

    File C:\WINDOWS\Tasks\At37.job deleted successfully.

    File C:\WINDOWS\Tasks\At38.job deleted successfully.

    File C:\WINDOWS\Tasks\At39.job deleted successfully.

    File C:\WINDOWS\Tasks\At4.job deleted successfully.

    File C:\WINDOWS\Tasks\At40.job deleted successfully.

    File C:\WINDOWS\Tasks\At41.job deleted successfully.

    File C:\WINDOWS\Tasks\At42.job deleted successfully.

    File C:\WINDOWS\Tasks\At43.job deleted successfully.

    File C:\WINDOWS\Tasks\At44.job deleted successfully.

    File C:\WINDOWS\Tasks\At45.job deleted successfully.

    File C:\WINDOWS\Tasks\At46.job deleted successfully.

    File C:\WINDOWS\Tasks\At47.job deleted successfully.

    File C:\WINDOWS\Tasks\At48.job deleted successfully.

    File C:\WINDOWS\Tasks\At5.job deleted successfully.

    File C:\WINDOWS\Tasks\At6.job deleted successfully.

    File C:\WINDOWS\Tasks\At7.job deleted successfully.

    File C:\WINDOWS\Tasks\At8.job deleted successfully.

    File C:\WINDOWS\Tasks\At9.job deleted successfully.

    File C:\WINDOWS\system32\3UuXA5yd.exe not found!

    Deletion of file C:\WINDOWS\system32\3UuXA5yd.exe failed!

    Could not process line:

    C:\WINDOWS\system32\3UuXA5yd.exe

    Status: 0xc0000034

    File C:\WINDOWS\system32\6cvty7Vo.exe not found!

    Deletion of file C:\WINDOWS\system32\6cvty7Vo.exe failed!

    Could not process line:

    C:\WINDOWS\system32\6cvty7Vo.exe

    Status: 0xc0000034

    File C:\WINDOWS\system32\dnc454108f.dat deleted successfully.

    File c:\windows\system32\pmnnooo.dll not found!

    Deletion of file c:\windows\system32\pmnnooo.dll failed!

    Could not process line:

    c:\windows\system32\pmnnooo.dll

    Status: 0xc0000034

    File C:\WINDOWS\SYSTEM32\cat594.dll not found!

    Deletion of file C:\WINDOWS\SYSTEM32\cat594.dll failed!

    Could not process line:

    C:\WINDOWS\SYSTEM32\cat594.dll

    Status: 0xc0000034

    File C:\WINDOWS\iun6002.exe deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    junior_pr, could you generate a new ComboFix log? That way we can tell whether it is really clean. OK?

    Warm regards,

  • Topic author
  • Mr. Coruj@

    Here is the ComboFix log you asked for. I am also including a log that appeared along with the quarantined files; I don't know if it is necessary, but here they are. Thanks for the help, cheers!!!!!!

    ComboFix 07-08-09.3 - "Pedro" 2007-08-13 16:20:26.3 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.304 [GMT -3:00]

    ((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))

    2007-08-12 01:38 <DIR> d-------- C:\Arquivos de programas\LS-Sistemas

    2007-08-09 14:41 126,264 --a------ C:\DOCUME~1\ALLUSE~1\DADOSD~1\firstlsp.reg.dat

    2007-08-09 13:44 <DIR> d-------- C:\Arquivos de programas\CCleaner

    2007-08-08 16:28 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

    2007-08-08 14:56 <DIR> d-------- C:\DOCUME~1\Pedro\DADOSD~1\WinPatrol

    2007-08-08 11:43 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

    2007-08-06 14:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-06 10:54 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2007-08-06 10:31 92,687 --a------ C:\WINDOWS\system32\msddrv.dll.vir

    2007-08-05 20:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Lavasoft

    2007-08-05 19:51 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

    2007-08-05 13:37 92,730 --a------ C:\WINDOWS\system32\instem.dll.vir

    2007-07-29 17:32 <DIR> d-------- C:\WINDOWS\CSC

    2007-07-29 17:24 <DIR> d--h----- C:\WINDOWS\PIF

    2007-07-28 17:03 8,876,032 --------- C:\WINDOWS\system32\FocusMag.dll

    2007-07-28 17:03 109,056 --a------ C:\WINDOWS\system32\ESFinish.exe

    2007-07-28 17:03 <DIR> d-------- C:\Program Files

    2007-07-27 18:17 <DIR> d-------- C:\Arquivos de programas\Valve

    2007-07-26 20:20 10 --a------ C:\WINDOWS\popcinfo.dat

    2007-07-26 20:19 <DIR> d-------- C:\Arquivos de programas\Zuma Deluxe!

    2007-07-24 21:49 <DIR> d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-18 20:47 <DIR> d-------- C:\Arquivos de programas\Activision

    2007-07-18 18:57 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

    2007-07-18 15:34 61,440 -ra------ C:\WINDOWS\system32\vuins32.dll

    2007-07-18 15:34 43,008 -ra------ C:\WINDOWS\system32\drivers\dlkfet5b.sys

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-08 11:19 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

    2007-08-08 10:58 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

    2007-07-28 17:30 --------- d-------- C:\Arquivos de programas\World of Warcraft

    2007-07-27 15:07 --------- d-------- C:\Arquivos de programas\Desafio Sebrae 2007

    2007-07-20 16:31 --------- d-------- C:\Arquivos de programas\eMule

    2007-07-09 13:26 --------- d-------- C:\DOCUME~1\Pedro\DADOSD~1\Help

    2007-07-09 11:32 150 --ahs---- C:\WINDOWS\system32\3293843599.dat

    2007-07-05 19:33 --------- d-------- C:\Arquivos de programas\Snes.net

    2007-06-30 22:41 --------- d-------- C:\DOCUME~1\Pedro\DADOSD~1\ParentalControl

    2007-06-30 16:45 --------- d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools

    2007-06-22 20:31 --------- d-------- C:\Arquivos de programas\Tomb Raider - Anniversary

    2007-06-18 11:11 --------- dr-h----- C:\DOCUME~1\Pedro\DADOSD~1\SecuROM

    2007-06-12 06:02 376832 --a------ C:\WINDOWS\winb.exe

    2007-06-02 13:06 56 -r-hs---- C:\WINDOWS\system32\C5A761B388.sys

    2007-06-02 13:06 10022 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

    2007-05-30 17:42 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

    2007-05-19 17:21 49586 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-05-19 17:21 347294 --a------ C:\WINDOWS\system32\perfh016.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-05-14 12:11]

    "!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-08 16:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

    "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

    C:\Documents and Settings\Pedro\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-29 17:09:16]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-29 17:09:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableClock"=0 (0x0)

    "NoDispCPL"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoSaveSettings"=0 (0x0)

    "NoMultiIE"=0 (0x0)

    "LWA"=0 (0x0)

    "LWB"=0 (0x0)

    "LWC"=0 (0x0)

    "LWD"=0 (0x0)

    "LWE"=0 (0x0)

    "LWF"=0 (0x0)

    "LWG"=0 (0x0)

    "LWH"=0 (0x0)

    "LWI"=0 (0x0)

    "LWJ"=0 (0x0)

    "LWK"=0 (0x0)

    "LWL"=0 (0x0)

    "LWM"=0 (0x0)

    "LWN"=0 (0x0)

    "LWO"=0 (0x0)

    "LWP"=0 (0x0)

    "LWQ"=0 (0x0)

    "LWR"=0 (0x0)

    "LWS"=0 (0x0)

    "LWT"=0 (0x0)

    "LWU"=0 (0x0)

    "LWV"=0 (0x0)

    "LWW"=0 (0x0)

    "LWX"=0 (0x0)

    "LWY"=0 (0x0)

    "LWZ"=0 (0x0)

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys

    R2 nhksrv;Netropa NHK Server;C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

    R3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys

    R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys

    S0 cbvayjan;cbvayjan;C:\WINDOWS\system32\drivers\evgvusar.sys

    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

    S3 LimitsPM;Limits Process Monitor;\??\C:\WINDOWS\TEMP\TMP5.tmp

    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-13 16:21:51

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-13 16:22:40

    C:\ComboFix-quarantined-files.txt ... 2007-08-13 16:22

    --- E O F ---


    2007-08-05 19:35 131433 --a------ C:\Qoobox\Quarantine\C\WINDOWS\qopqnl.dll.vir
    2007-08-06 14:44 1342566 --a------ C:\Qoobox\Quarantine\C\WINDOWS\lnqpoq.ini.vir
    2007-08-06 14:49 105428 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sstqo.exe.vir
    2007-08-09 10:58 1199950 --a------ C:\Qoobox\Quarantine\C\WINDOWS\yadffe.ini.vir
    2007-08-09 10:58 131425 --a------ C:\Qoobox\Quarantine\C\WINDOWS\effday.dll.vir

    Quarantena

    Listagem de caminhos de pasta
    O número de série do volume é C454-108F
    C:\QOOBOX
    \---Quarantine
        +---C
        |   \---WINDOWS
        |       |   effday.dll.vir
        |       |   lnqpoq.ini.vir
        |       |   qopqnl.dll.vir
        |       |   yadffe.ini.vir
        |       |
        |       \---system32
        |               sstqo.exe.vir
        |
        \---Registry_backups


    junior_pr,

    Your log is CLEAN! Any other problems related to the malware?

    If your system shows no problems by tomorrow, disable and then re-enable System Restore.

    You can click the REPORT button and let the section moderator know that the problem has been solved and that the topic can now be closed.

    You can always count on the help of the people on the Clube do Hardware forum.

    Thanks for the feedback, and warm regards!

    _________________________________

    Mr. Coruj@
