Ir ao conteúdo
  • Cadastre-se
thais-zinha

meu e-mail esta enviando virus convite

Recommended Posts

Obrigada.

vou te enviar meu log se você puder analise por favor.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:46, on 3/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\WINDOWS\system32\oobe\spoolsv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jucheck.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Banco do Brasil S.A. - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - C:\WINDOWS\system32\oobe\msobe.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: (no name) - {CCBE0C35-4B48-40FC-ADE6-77EE8F7A8278} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [cctray] "C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O23 - Service: CaCCProvSP - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

aparece uma tela preta escrito algumas coisas sendo que não da para slvar em desktop.

o que aparece é

As per the instructions you would have received, kindly ensure any onboard

script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

We only require it to run just once. Dispose after use.

NAO SEI O QUE FAZER SE você PUDER ME DIGA COMO CONSIGO SALVAR N DESKTOP.

OBRIGADA

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, algo está impedindo a ferramenta de rodar.

  • Faça o download do RSIT - random's system information tool by random/random e salve no seu desktop.
  • Duplo clique em RSIT.exe para a ferramenta ser executada.
  • Na janela que abrir (disclamer), clique em Continue.
  • Quando a ferramenta terminar de rodar, abrirá um documento do Bloco de Notas contendo o resultado do scan. Por favor cole o resultado desse log (log.txt) na sua próxima resposta.
  • Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt

Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of random's system information tool 1.04 (written by random/random)

Run by ELYSA at 2008-12-03 22:15:36

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 28 GB (74%) free of 38 GB

Total RAM: 247 MB (4% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:16:23, on 3/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\oobe\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jucheck.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\ELYSA\Configurações locais\Temporary Internet Files\Content.IE5\NBRRKPP4\RSIT[1].exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Trend Micro\HijackThis\ELYSA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Banco do Brasil S.A. - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - C:\WINDOWS\system32\oobe\msobe.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: (no name) - {CCBE0C35-4B48-40FC-ADE6-77EE8F7A8278} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [cctray] "C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O23 - Service: CaCCProvSP - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--

End of file - 8185 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as ELYSA at 17 51.job

C:\WINDOWS\tasks\system32.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546D0BB7-6894-48D2-89EB-DFABF5E4EC7D}]

GbiehObj Class - C:\WINDOWS\system32\oobe\msobe.dll [2008-11-29 822784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar1.dll [2007-08-12 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-22 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCBE0C35-4B48-40FC-ADE6-77EE8F7A8278}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"PCSuiteTrayApplication"=C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]

"cctray"=C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe [2008-11-03 247024]

"CAVRID"=C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-11-03 234736]

"QOELOADER"=C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe [2008-11-03 14088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-12 68856]

"PcSync"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe [2006-04-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe [2006-04-12 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Okay Does Loud Hide]

C:\Documents and Settings\All Users\Dados de aplicativos\newfindokaydoes\first base.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2005-12-08 15691264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

C:\WINDOWS\sm56hlpr.exe [2006-01-26 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\surf eq]

C:\DOCUME~1\ELYSA\DADOSD~1\ENC01~1\PollLog.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

C:\ARQUIV~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

C:\ARQUIV~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\ELYSA\Menu Iniciar\Programas\Inicializar

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-04-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffea0cd-df2f-11dc-83cb-001485d35182}]

shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e884bbd7-eb81-11dc-840f-001485d35182}]

shell\AutoRun\command - E:\krg62.cmd

shell\explore\command - E:\krg62.cmd

shell\open\command - E:\krg62.cmd

======List of files/folders created in the last 1 months======

2008-12-03 22:15:36 ----D---- C:\rsit

2008-12-01 20:20:23 ----D---- C:\Arquivos de programas\Yahoo!

2008-12-01 20:20:00 ----D---- C:\Arquivos de programas\CCleaner

2008-12-01 19:32:58 ----D---- C:\Arquivos de programas\filehippo.com

2008-11-12 09:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 09:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 09:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-05 19:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2008-11-04 23:41:43 ----D---- C:\WINDOWS\Prefetch

2008-11-04 23:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-11-04 23:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-11-04 23:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-11-04 23:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-11-04 23:32:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-11-04 23:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2008-11-04 23:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2008-11-04 23:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2008-11-04 23:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2008-11-04 23:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2008-11-04 23:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

2008-11-04 23:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2008-11-04 23:25:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2008-11-04 23:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2008-11-04 23:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2008-11-04 23:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-11-04 23:14:08 ----D---- C:\WINDOWS\l2schemas

2008-11-04 23:14:07 ----D---- C:\WINDOWS\system32\bits

2008-11-04 23:10:11 ----D---- C:\WINDOWS\ServicePackFiles

2008-11-04 22:59:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2008-11-04 22:59:25 ----D---- C:\WINDOWS\EHome

======List of files/folders modified in the last 1 months======

2008-12-03 22:16:22 ----D---- C:\WINDOWS\system32\oobe

2008-12-03 21:57:14 ----D---- C:\WINDOWS\system32

2008-12-03 21:57:14 ----D---- C:\WINDOWS

2008-12-03 21:53:08 ----D---- C:\WINDOWS\system32\drivers

2008-12-03 21:49:41 ----D---- C:\WINDOWS\Temp

2008-12-03 16:57:37 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-02 20:52:27 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-02 20:52:21 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-02 19:10:41 ----HD---- C:\WINDOWS\inf

2008-12-02 19:10:28 ----D---- C:\WINDOWS\Help

2008-12-02 10:42:57 ----RD---- C:\Arquivos de programas

2008-12-01 21:52:21 ----D---- C:\WINDOWS\Microsoft.NET

2008-12-01 21:52:20 ----RSD---- C:\WINDOWS\assembly

2008-12-01 20:42:47 ----D---- C:\WINDOWS\Debug

2008-12-01 19:32:39 ----SHD---- C:\WINDOWS\Installer

2008-12-01 19:32:36 ----HD---- C:\Config.Msi

2008-12-01 19:32:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-01 19:25:06 ----D---- C:\WINDOWS\WinSxS

2008-11-21 13:55:05 ----D---- C:\Documents and Settings\ELYSA\Dados de aplicativos\Image Zone Express

2008-11-21 13:55:04 ----D---- C:\Documents and Settings\ELYSA\Dados de aplicativos\Printer Info Cache

2008-11-12 09:39:23 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-04 23:41:08 ----D---- C:\WINDOWS\system32\Setup

2008-11-04 23:41:08 ----D---- C:\WINDOWS\AppPatch

2008-11-04 23:41:07 ----D---- C:\WINDOWS\system32\wbem

2008-11-04 23:41:06 ----RSD---- C:\WINDOWS\Fonts

2008-11-04 23:37:47 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-04 23:24:29 ----D---- C:\WINDOWS\security

2008-11-04 23:21:32 ----D---- C:\Arquivos de programas\Messenger

2008-11-04 23:14:38 ----D---- C:\WINDOWS\network diagnostic

2008-11-04 23:14:38 ----D---- C:\WINDOWS\ime

2008-11-04 23:14:12 ----D---- C:\WINDOWS\system32\pt-br

2008-11-04 23:14:11 ----D---- C:\WINDOWS\system32\usmt

2008-11-04 23:14:07 ----D---- C:\WINDOWS\PeerNet

2008-11-04 23:14:06 ----D---- C:\Arquivos de programas\Movie Maker

2008-11-04 23:14:05 ----D---- C:\WINDOWS\Media

2008-11-04 23:10:02 ----D---- C:\WINDOWS\system32\Restore

2008-11-04 23:10:02 ----D---- C:\WINDOWS\system32\npp

2008-11-04 23:10:00 ----D---- C:\WINDOWS\msagent

2008-11-04 23:09:58 ----D---- C:\WINDOWS\srchasst

2008-11-04 23:09:57 ----D---- C:\Arquivos de programas\NetMeeting

2008-11-04 23:09:55 ----D---- C:\WINDOWS\system32\Com

2008-11-04 23:09:51 ----D---- C:\Arquivos de programas\Windows Media Player

2008-11-04 23:09:47 ----D---- C:\Arquivos de programas\Windows NT

2008-11-04 23:09:46 ----D---- C:\Arquivos de programas\Outlook Express

2008-11-04 23:09:42 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2008-11-04 23:09:18 ----D---- C:\WINDOWS\system

2008-11-04 23:04:42 ----D---- C:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-11-03 880560]

R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-11-03 21488]

R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-11-03 26352]

R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-11-03 32240]

R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-11-03 21104]

R3 AR5211;Gigabyte Super Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-12 487552]

R3 Arp1394;Protocolo cliente 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-04-12 1166972]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-08 4123136]

R3 NIC1394;Driver de rede 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-26 854728]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-12 191168]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-11-03 108368]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-04-12 244608]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-07-28 136576]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 UXDCMN;UXDCMN; \??\C:\SYSPREP\WST\UXDCMN.SYS []

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-11-03 144696]

R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]

R2 VETMSGNT;VET Message Service; C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-11-03 255216]

R3 CaCCProvSP;CaCCProvSP; C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe [2008-11-03 214256]

R3 PPCtlPriv;PPCtlPriv; C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-11-03 185584]

R3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 138168]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

info.txt logfile of random's system information tool 1.04 2008-12-03 22:16:30

======Uninstall list======

-->C:\WINDOWS\IsUn0416.exe -f"C:\Arquivos de programas\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu"

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x416 -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x416 /cont -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x416 -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x416 -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x416 -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x416 -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x416 -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x416 -removeonly

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x416 -removeonly

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware SE Personal-->C:\ARQUIV~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\ARQUIV~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}

Adobe Reader 7.1.0 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A71000000002}

Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Atualização de Segurança para o Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

CA Anti-Spyware-->"C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"

CA Anti-Virus-->C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe

CA Internet Security Suite-->"C:\Arquivos de programas\CA\CA Internet Security Suite\caunst.exe" /u

CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\arquivos de programas\google\googletoolbar1.dll"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Customer Participation Program 7.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Driver Diagnostics-->MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}

HP Imaging Device Functions 7.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Solution Center 7.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}

InstantON-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}\setup.exe"

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

LimeWire 4.16.6-->"C:\Arquivos de programas\LimeWire\uninstall.exe"

Messenger Plus! Live & Sponsor (CiD)-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Excel 2000-->MsiExec.exe /I{00110416-78E1-11D2-B60F-006097C998E7}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2000 Premium-->MsiExec.exe /I{00000416-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Word 2000-->MsiExec.exe /I{00170416-78E1-11D2-B60F-006097C998E7}

Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Multimedia Keyboard Driver Uninstall-->UninstIt.exe CNK001.ini

Nokia Connectivity Cable Driver-->MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}

Nokia PC Connectivity Solution-->MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}

Nokia PC Suite-->MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}

OCR Software by I.R.I.S 7.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

OpenOffice.org 2.0-->MsiExec.exe /I{0B83E00B-DEE3-44F8-97F9-0E75550EAA7D}

PC Camera-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{02BD1C19-5946-4420-BAE3-F742686B3D43} /l2070

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Sony Picture Utility-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x416 /removeonly uninstall -removeonly

Sony USB Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x816 UNINSTALL -removeonly

Spybot - Search & Destroy 1.4-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Arquivos de programas\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\ARQUIV~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\ARQUIV~1\Yahoo!\Common\YINSTH~1.DLL

=====HijackThis Backups=====

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

======Hosts File======

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

======Security center information======

AV: CA Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel

"PROCESSOR_REVISION"=0e08

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"PROCESSOR_DUMP"=1

"PROCESSOR_CORE"=87

-----------------EOF-----------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Faça o download de OTMoveIt3 by OldTimer e salve no desktop.

Duplo-Clique no icone otmi3desktopicon.png que está no seu desktop.

Copie o texto que está abaixo dentro do "Code" e cole na área abaixo de pasteline.png:


:processes
explorer.exe
:files
C:\WINDOWS\system32\oobe\msobe.dll
C:\Documents and Settings\All Users\Dados de aplicativos\newfindokaydoes
C:\DOCUME~1\ELYSA\DADOSD~1\ENC01~1
C:\WINDOWS\tasks\system32.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546D0BB7-6894-48D2-89EB-DFABF5E4EC7D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCBE0C35-4B48-40FC-ADE6-77EE8F7A8278}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Okay Does Loud Hide]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\surf eq]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffea0cd-df2f-11dc-83cb-001485d35182}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e884bbd7-eb81-11dc-840f-001485d35182}]
:commands
[EmptyTemp]
[Reboot]

Clique agora no botão btnmoveit.png

Caso apareça o aviso para reiniciar o computador, faça isso.

Na sua proxima resposta, copie e cole o todo o conteúdo que está em results.png

Gere e cole também um novo log do HijackThis

Se o computador reiniciou e não lhe foi possível copiar o resultado, abra o Bloco de Notas (Iniciar ~> Programs ~> Acessorios ~> Bloco de Notas), clique em Arquivo ~> Abrir e na caixa "Nome do Arquivo", coloque *.log e dê enter; Procure a pasta C:\_OTMoveIt\MovedFiles, e abra o mais recente arquivo .log presente. Copie e cole todo o conteúdo desse arquivo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\WINDOWS\system32\oobe\msobe.dll unregistered successfully.

File move failed. C:\WINDOWS\system32\oobe\msobe.dll scheduled to be moved on reboot.

File/Folder C:\Documents and Settings\All Users\Dados de aplicativos\newfindokaydoes not found.

File/Folder C:\DOCUME~1\ELYSA\DADOSD~1\ENC01~1 not found.

C:\WINDOWS\tasks\system32.job moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546D0BB7-6894-48D2-89EB-DFABF5E4EC7D}\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCBE0C35-4B48-40FC-ADE6-77EE8F7A8278}\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Okay Does Loud Hide\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\surf eq\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffea0cd-df2f-11dc-83cb-001485d35182}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e884bbd7-eb81-11dc-840f-001485d35182}\\ deleted successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\ELYSA\CONFIG~1\Temp\~DFEC13.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ELYSA\CONFIG~1\Temp\~DFEF4E.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\ELYSA\CONFIG~1\Temp\~DFF044.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

Error: Unable to interpret <[Reboot]Clique agora no botão > in the current context!

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12042008_102303

Files moved on Reboot...

C:\WINDOWS\system32\oobe\msobe.dll unregistered successfully.

C:\WINDOWS\system32\oobe\msobe.dll moved successfully.

C:\DOCUME~1\ELYSA\CONFIG~1\Temp\~DFEC13.tmp moved successfully.

C:\DOCUME~1\ELYSA\CONFIG~1\Temp\~DFEF4E.tmp moved successfully.

C:\DOCUME~1\ELYSA\CONFIG~1\Temp\~DFF044.tmp moved successfully.

E AGORA???

SÓ você PRA ME SALVAR DESSA FURADA OBRIGADA

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of random's system information tool 1.04 (written by random/random)

Run by ELYSA at 2008-12-04 10:45:12

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 28 GB (75%) free of 38 GB

Total RAM: 247 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:45:33, on 4/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jucheck.exe

C:\Documents and Settings\ELYSA\Configurações locais\Temporary Internet Files\Content.IE5\M7YPZAMU\RSIT[1].exe

C:\Arquivos de programas\Trend Micro\HijackThis\ELYSA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [cctray] "C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O23 - Service: CaCCProvSP - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--

End of file - 7691 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as ELYSA at 17 51.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar1.dll [2007-08-12 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-22 737776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"PCSuiteTrayApplication"=C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]

"cctray"=C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe [2008-11-03 247024]

"CAVRID"=C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-11-03 234736]

"QOELOADER"=C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe [2008-11-03 14088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-12 68856]

"PcSync"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe [2006-04-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe [2006-04-12 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2005-12-08 15691264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

C:\WINDOWS\sm56hlpr.exe [2006-01-26 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

C:\ARQUIV~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

C:\ARQUIV~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\ELYSA\Menu Iniciar\Programas\Inicializar

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-04-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-04 10:23:03 ----D---- C:\_OTMoveIt

2008-12-03 22:15:36 ----D---- C:\rsit

2008-12-01 20:20:23 ----D---- C:\Arquivos de programas\Yahoo!

2008-12-01 20:20:00 ----D---- C:\Arquivos de programas\CCleaner

2008-12-01 19:32:58 ----D---- C:\Arquivos de programas\filehippo.com

2008-11-12 09:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 09:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 09:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-05 19:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

======List of files/folders modified in the last 1 months======

2008-12-04 10:45:18 ----D---- C:\WINDOWS\Prefetch

2008-12-04 10:35:17 ----D---- C:\WINDOWS\system32

2008-12-04 10:35:17 ----D---- C:\WINDOWS

2008-12-04 10:28:28 ----D---- C:\WINDOWS\Temp

2008-12-04 10:28:16 ----D---- C:\WINDOWS\system32\oobe

2008-12-04 10:26:04 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-04 10:23:04 ----SD---- C:\WINDOWS\Tasks

2008-12-04 07:40:07 ----D---- C:\WINDOWS\system32\drivers

2008-12-02 20:52:27 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-02 20:52:21 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-02 19:10:41 ----HD---- C:\WINDOWS\inf

2008-12-02 19:10:28 ----D---- C:\WINDOWS\Help

2008-12-02 10:42:57 ----RD---- C:\Arquivos de programas

2008-12-01 21:52:21 ----D---- C:\WINDOWS\Microsoft.NET

2008-12-01 21:52:20 ----RSD---- C:\WINDOWS\assembly

2008-12-01 20:42:47 ----D---- C:\WINDOWS\Debug

2008-12-01 19:32:39 ----SHD---- C:\WINDOWS\Installer

2008-12-01 19:32:36 ----HD---- C:\Config.Msi

2008-12-01 19:32:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-01 19:25:06 ----D---- C:\WINDOWS\WinSxS

2008-11-21 13:55:05 ----D---- C:\Documents and Settings\ELYSA\Dados de aplicativos\Image Zone Express

2008-11-21 13:55:04 ----D---- C:\Documents and Settings\ELYSA\Dados de aplicativos\Printer Info Cache

2008-11-12 09:39:23 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-11-03 880560]

R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-11-03 21488]

R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-11-03 26352]

R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-11-03 32240]

R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-11-03 21104]

R3 AR5211;Gigabyte Super Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-12 487552]

R3 Arp1394;Protocolo cliente 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-04-12 1166972]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-08 4123136]

R3 NIC1394;Driver de rede 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-26 854728]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-12 191168]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-11-03 108368]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-04-12 244608]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-07-28 136576]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 UXDCMN;UXDCMN; \??\C:\SYSPREP\WST\UXDCMN.SYS []

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-11-03 144696]

R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]

R2 VETMSGNT;VET Message Service; C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-11-03 255216]

R3 CaCCProvSP;CaCCProvSP; C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe [2008-11-03 214256]

R3 PPCtlPriv;PPCtlPriv; C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-11-03 185584]

R3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 138168]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

O seu log está limpo

Faça o download de OTCleanIt by OldTimer

  • Salve no seu desktop (área/ambiente de trabalho).
  • Duplo-clique no icone otcleanitdesktopicon.png
  • Clique no botão "Cleanup" 8gehxg0.gif
  • Permita que o seu computador seja reiniciado.

Agora que seu pc está limpo, siga estes passos para manter seu computador limpo e protegido:

  • Elimine a Pasta (caso exista): Backups do HijackThis
  • Desative e ative novamente a Restauração do Sistema
  • Utilize um navegador alternativo e mais seguro: firefox-spread-btn-1b.png ou Opera_logo1.gif
  • Se não utiliza roteador, utilize uma Firewall - É extremamente importante na proteção ao seu computador.
    Boas opções grátis são:
    Comodo Firewall Pro
    Online Armor Free edition
  • Instale o SpywareBlaster - SpywareBlaster adiciona uma lista de programas e sites maliciosos ao Internet Explorer e FireFox que o irão proteger desses sites e programas.
  • Visite o Secunia Software Inspector e veja o estado dos seus programas no que diz respeito às actualizações.
  • Mantenha seus programas devidamente actualizados.
    Estar actualizado é estar seguro. Clique aqui

Foi um prazer ajudar thumbsup.gif

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×