HEUR Trojan Generic




  #1  
21 November 2008, 07:18
Group Member

Hi everyone,

I am writing because, for a couple of days now, I have been having problems with this so-called trojan.

I have the HijackThis results; can someone please help me?

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 10:16:57, em 21/11/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Arquivos de programa \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Arquivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Arquivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe
C: \ Arquivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Arquivos de programa \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Arquivos de programa \ Windows Desktop Search \ WindowsSearch.exe
C: \ Arquivos de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Arquivos de programa \ Uniblue \ RegistryBooster \ RegistryBooster.e xe
C: \ Arquivos de programa \ Windows Live \ Messenger \ msnmsgr.exe
C: \ WINDOWS \ explorer.exe
C: \ Arquivos de programa \ Windows Live \ Messenger \ usnsvc.exe
C: \ Arquivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Arquivos de programa \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ HPBPRO.EXE

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ Imjpmig.exe" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Arquivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Arquivos de programa \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] C: \ Arquivos de programa \ Hewlett-Packard \ hp LaserJet 1150_1300 \ SetConfig.exe-c Direct-p DOT4_001-pn "hp LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Arquivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Arquivos de programa \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Arquivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Servicio de red')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Inicio rápido de OneNote 2007.lnk = C: \ Arquivos de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Arquivos de programa \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra context menu item: E & xportar a Microsoft Excel - res: / / C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra button: protecção estatísticas de tráfego da Web - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra button: Enviar uma OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: & Enviar a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: HP Smart Select - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Arquivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Arquivos de programa \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Arquivos de programa \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archív ~ 1 \ Archív ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C: \ Arquivos de programa \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE

--
Fim do processo - 9813 bytes

Awaiting your prompt reply,

Kathy
  #2  
21 November 2008, 12:56
Group Moderator

Welcome to CJ.

Open HijackThis and choose Do a system scan only.

Place a check mark next to the following entries (if present):

O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b

Important: Close all open windows except for HijackThis and click Fix checked.

Once done, exit HijackThis.

----------

Note: the instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and click OK.

Copy and paste the following into Notepad and save it as fixme.reg on your Desktop:

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f411a9e3"=-

Locate fixme.reg on your desktop and double-click it. Answer Yes when asked whether to merge it with the registry.

Make sure you tell me whether you receive a success message about adding the above to the registry. If you do not receive a success message, it did not work.

Delete fixme.reg from your desktop.

----------

Print these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator account or an account with administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows directory, typically C:\SDFix).
  • Do NOT use it just yet.
Restart your computer in Safe Mode using the F8 method. To do this, restart your computer and, after hearing the computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply, along with a new HijackThis log (taken in normal boot mode).

  #3  
24 November 2008, 06:18
Group Member

Hello Evil,

Sorry for not writing sooner; I had to go to Hong Kong on business. Because of that I did not have time to follow the instructions that day, and today I found that the HijackThis log has already changed.

If you could take a look and tell me what I should do now, I would really appreciate it, and once again I apologize for the delay.

Here it is:

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 09:17:07, em 24/11/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Arquivos de programa \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Arquivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Arquivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe
C: \ Arquivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Arquivos de programa \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Arquivos de programa \ Windows Desktop Search \ WindowsSearch.exe
C: \ Arquivos de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Arquivos de programa \ Canon \ CAL \ CALMAIN.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Arquivos de programa \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe
C: \ Arquivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Arquivos de programa \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ Imjpmig.exe" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Arquivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Arquivos de programa \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] C: \ Arquivos de programa \ Hewlett-Packard \ hp LaserJet 1150_1300 \ SetConfig.exe-c Direct-p DOT4_001-pn "hp LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Arquivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Arquivos de programa \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Arquivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Servicio de red')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Inicio rápido de OneNote 2007.lnk = C: \ Arquivos de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Arquivos de programa \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra context menu item: E & xportar a Microsoft Excel - res: / / C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra button: protecção estatísticas de tráfego da Web - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra button: Enviar uma OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: & Enviar a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: HP Smart Select - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Arquivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Arquivos de programa \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Arquivos de programa \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archív ~ 1 \ Archív ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C: \ Arquivos de programa \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE

--
Fim do processo - 9627 bytes

Thanks again and awaiting your reply,

Kathy
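
An added example, not part of any post in this thread and not HijackThis code: one way to compare two HijackThis logs such as the ones posted above and list the entries that disappeared or appeared between scans, with triage hints for Run values. The function names are hypothetical, the sample lines are constructed from entries quoted in the thread, and the two hints are review prompts, not verdicts.

```python
import re

# Constructed sample input: a few lines in HijackThis layout, taken from
# entries quoted in the thread. The second sample uses the spaced-out path
# style seen in this copy of the page to show that normalisation copes.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
"""

# A HijackThis entry line starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "Run: [value name] command line" inside an O4 entry.
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
# Command line whose executable is rundll32, with or without a path or quotes.
RUNDLL_RE = re.compile(r'"?([a-z]:\\[^"]*\\)?rundll32(\.exe)?"?\s')


def normalize(line):
    """Undo copy/paste damage: drop spaces around backslashes, squeeze runs."""
    line = re.sub(r"\s*\\\s*", lambda m: "\\", line.strip())
    return re.sub(r"\s+", " ", line)


def parse_entries(log_text):
    """Map a case-folded entry line to (section code, detail)."""
    entries = {}
    for raw in log_text.splitlines():
        line = normalize(raw)
        match = ENTRY_RE.match(line)
        if match:  # process list and header lines are skipped
            entries[line.lower()] = (match.group(1), match.group(2))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    return removed, added


def triage_run_entry(section, detail):
    """Hints that an O4 autostart entry deserves a closer look."""
    match = RUN_RE.search(detail) if section == "O4" else None
    if not match:
        return []
    reasons = []
    cmd = match.group("cmd").lower()
    if RUNDLL_RE.match(cmd) and ".dll" in cmd:
        reasons.append("DLL started through rundll32.exe")
    if re.fullmatch(r"[0-9a-f]{8}", match.group("name"), re.I):
        reasons.append("value name is 8 hex characters")
    return reasons


def review(before, after):
    """Diff two logs and attach triage hints to every changed entry."""
    removed, added = diff_logs(before, after)
    return {
        "removed": [(s, d, triage_run_entry(s, d)) for s, d in removed],
        "added": [(s, d, triage_run_entry(s, d)) for s, d in added],
    }


if __name__ == "__main__":
    for change, rows in review(LOG_BEFORE, LOG_AFTER).items():
        for section, detail, reasons in rows:
            note = "; ".join(reasons) or "no hint"
            print(f"{change}: {section} - {detail}  [{note}]")
```

An entry that vanishes between scans only means the autostart value is gone; the file it pointed to may still be on disk, which is why the thread continues with a file-level scan.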
  #4  
24 November 2008, 10:24
Group Moderator

We still need to do the SDFix scan.

Print these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator account or an account with administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows directory, typically C:\SDFix).
  • Do NOT use it just yet.
Restart your computer in Safe Mode using the F8 method. To do this, restart your computer and, after hearing the computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply.

  #5  
25 November 2008, 05:14
Group Member

Hello Evil, here are the results. So far, the computer is working great. Thank you very much. Let me know if anything else needs to be done.

SDFix: Version 1,240
Corre por Administrador em 25/11/2008 às 19:47

Microsoft Windows XP [Versões ¢ n 5/1/2600]
Running From: C: \ SDFix

Verificando Serviços :


Restaurar Padrão de Segurança Valores
Restaurar Predefinição Arquivo Hosts

Reinicializar


Verificar Arquivos :

Trojan Files Found:

C: \ WINDOWS \ system32 \ ssqPihiH.dll - Excluídos
C: \ Documents and Settings \ All Users \ Men £ Inicio \ Programas \ Inicio \. Protegida - Excluídos
C: \ Documents and Settings \ TrackerVsrGroup \ Men £ Inicio \ Programas \ Inicio \. Protegida - Excluídos
C: \ Arquivos de programa \ iSecurity \ antivirusxp.bmp - Excluídos
C: \ Arquivos de programa \ iSecurity \ antivirusxp.ico - Excluídos
C: \ Arquivos de programa \ iSecurity \ antivirusxpi.bmp - Excluídos
C: \ Arquivos de programa \ iSecurity \ iSecurity.dat - Excluídos
C: \ Arquivos de programa \ iSecurity \ iSecurity.html - Excluídos
C: \ Arquivos de programa \ iSecurity \ systemdefender.bmp - Excluídos
C: \ Arquivos de programa \ iSecurity \ systemdefender.ico - Excluídos
C: \ Arquivos de programa \ iSecurity \ systemdefenderi.bmp - Excluídos



Pasta C: \ Arquivos de programa \ IE Extensions - Removed
Pasta C: \ Arquivos de programa \ iSecurity - Removed
Pasta C: \ Arquivos de programa \ RichVideoCodec - Removed
Pasta C: \ WINDOWS \ system32 \ 734914 - Removed
Pasta C: \ WINDOWS \ system32 \ 931928 - Removed


Removing Temp Files

ADS Check :



Final Check :

CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 20:01:58
5/1/2600 Windows Service Pack 3 NTFS

digitalizar processos escondidos ...

varredura serviços ocultos e sistema colmeia ...

varredura escondida Registro entradas ...

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows Search \ Gather \ Windows \ SystemIndex]
"LogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Microsoft \ Search \ Data \ Applications \ Window s \ Projects \ SystemIndex \ SystemIndex.Ntfy10.gthr"
"SecondaryLogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Microsoft \ Search \ Data \ Applications \ Window s \ Projects \ SystemIndex \ SystemIndex.Ntfy11.gthr"

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
processos ocultos: 0
serviços ocultos: 0
ficheiros ocultos: 0


Restantes serviços :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ standard profile \ authorizedapplications \ list]
"C: \ \ WINDOWS \ \ system32 \ \ Sessmgr.exe" = "C: \ \ WINDOWS \ \ system32 \ \ Sessmgr.exe: *: Disabled: @ Xpsp2res.dll, -22019"
"C: \ \ Archivos de programa \ \ Ares \ \ Ares.exe" = "C: \ \ Archivos de programa \ \ Ares \ \ Ares.exe: *: Disabled: Ares p2p for windows"
"C: \ \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Disabled: @ Xpsp3res.dll, -20000"
"C: \ \ Archivos de programa \ \ Hewlett-Packard \ \ Toolbox2.0 \ \ Javasoft \ \ JRE \ 1.3.1 \ \ bin \ \ ja vaw.exe" = "C: \ \ Archivos de programa \ \ Hewlett-Packard \ \ Toolbox2.0 \ \ Javasoft \ \ JRE \ 1.3.1 \ \ bin \ \ ja vaw.exe: *: Disabled: javaw "
"C: \ \ WINDOWS \ \ system32 \ \ mmc.exe" = "C: \ \ WINDOWS \ \ sys tem32 \ \ mmc.exe: *: Disabled: Microsoft Management Console"
"C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Disabled: Microsoft Office Groove "
"C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ Onenote.exe" = "C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ Onenote.exe: *: Disabled: Microsoft Office OneNote "
"C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE" = "C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE: *: Disabled: Microsoft Office Outlook "
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Disabled: Windows Live Messenger "
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe: *: Disabled: Windows Live Messenger (Telefone) "
"C: \ \ Archivos de programa \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Archivos de programa \ \ Messenger \ \ msmsgs.exe: *: Disabled: Windows Messenger"
"C: \ \ Documents and Settings \ \ All Users.WINDOWS \ \ Dados de programa \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Inglês \ \ setup.exe" = "C: \ \ Documents and Settings \ \ All Users.WINDOWS \ \ Dados de programa \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Inglês \ \ setup.exe: *: Disabled: Kaspersky Internet Security 2009 Setup "
"C: \ \ Archivos de programa \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Archivos de programa \ \ Skype \ \ Phone \ \ Skype.exe: *: Disabled: Skype"
"C: \ \ Archivos de programa \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ \ Archivos de programa \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Disabled: Yahoo! Messenger "
"C: \ \ Archivos de programa \ \ AVG \ \ AVG8 \ \ avgupd.exe" = "C: \ \ Archivos de programa \ \ AVG \ \ AVG8 \ \ avgupd.exe: *: Enabled: avgupd.e xe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"
"% windir% \ \ system32 \ \ Sessmgr.exe" = "% windir% \ \ siste M32 \ \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Enabled: Windows Live Messenger "
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe: *: Enabled: Windows Live Messenger (Telefone) "

Remaining Files :


File Backups: - C: \ SDFix \ backups \ backups.zip

Files with Hidden Attributes :

Domingo 12 mar 2006 10311680 .. SH. --- "C: \ Arquivos de programa \ AVIConverter \ mencoder.exe"
Seg. 14 abr 2008 60416 A.SH. --- "C: \ Arquivos de programas \ Outlook Express \ msimn.exe"
Sáb 11 nov 2006 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Ter. 13 nov 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Ter. 13 fev 2007 3096576 A.. H. --- "C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ U3 \ temp \ Launchpad Removal.exe"
Sex 21 nov 2008 18,922 ... H. --- "C: \ Documents and Settings \ Mauricio \ Meus documentos \ Erika \ Private \ Livros \ ~ WRL3517.tmp"

Done!

Thanks,

Kathy
  #6  
Old 25 Nov 2008, 11:56
Moderator Group
 
Default HEUR Trojan Generic

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, make sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------

Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double-click RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt will be maximized and info.txt will be minimized.
  • Please post the contents of both logs in your next reply.

----------

In your next post please add:
MBAM log
RSIT log & info logs


Note:
It may take two posts to get all the logs posted.
__________________

  #7  
Old 29 November 2008, 08:10
Member Group
 
Default HEUR Trojan Generic

Hello Evil,

here are the logs:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Maurício at 2008/11/29 23:03:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (68%) free of 73 GB
Total RAM: 1015 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:42, on 29/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Arquivos de programa \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Arquivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Arquivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Arquivos de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe
C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe
C: \ Arquivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Arquivos de programa \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Arquivos de programa \ Windows Desktop Search \ WindowsSearch.exe
C: \ Arquivos de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ Arquivos de programa \ Canon \ CAL \ CALMAIN.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe
C: \ Arquivos de programa \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ Arquivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Mauricio \ Escritorio \ RSIT.exe
C: \ Arquivos de programa \ Trend Micro \ HijackThis \ Mauricio.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: HP Print Enhancer - (0347C33E-8762-4905-BF09-768834316C61) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - (053F9267-DC04-4294-A72C-58F732D338C0) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_framework.dll
O2 - BHO: Adobe PDF Link Helper - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Arquivos de programa \ Archivos comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Skype add-on (regente) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Arquivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - (no arquivo)
O2 - BHO: IEVkbdBHO - (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C) - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Arquivos de programa \ Arquivos comuns \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: (no name) - (C08DF07A-3E49-4E25-9AB0-D3882835F153) - (no arquivo)
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Arquivos de programa \ Java \ jre6 \ lib \ implantar \ jqs \ IE \ jqs_plugin.dl l
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ Imjpmig.exe" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Arquivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Arquivos de programa \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] C: \ Arquivos de programa \ Hewlett-Packard \ hp LaserJet 1150_1300 \ SetConfig.exe-c Direct-p DOT4_001-pn "hp LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Arquivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Arquivos de programa \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Arquivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Servicio de red')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Inicio rápido de OneNote 2007.lnk = C: \ Arquivos de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Arquivos de programa \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra context menu item: E & xportar a Microsoft Excel - res: / / C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra button: protecção estatísticas de tráfego da Web - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra button: Enviar uma OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: & Enviar a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: HP Smart Select - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Arquivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archív ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Arquivos de programa \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Arquivos de programa \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archív ~ 1 \ Archív ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C: \ Arquivos de programa \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE

--
End of file - 11628 bytes

====== Scheduled tasks folder ======

C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job
C: \ WINDOWS \ Tasks \ enlgfqlf.job

====== Registry dump ======

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (02478D38-C3F9-4EFB-9B51-7695ECA05670)]
Yahoo! Toolbar Helper - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (0347C33E-8762-4905-BF09-768834316C61)]
HP Print Enhancer - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_printenhancer.dll [2007/03/03 1298024]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (053F9267-DC04-4294-A72C-58F732D338C0)]
HP Print Clips - C: \ Arquivos de programa \ HP \ Smart Web Printing \ hpswp_framework.dll [2007/03/03 177768]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (18DF081C-E8AD-4283-A596-FA578C2EBDC3)]
Adobe PDF Link Helper - C: \ Arquivos de programa \ Archivos comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (22BF413B-C6D2-4d91-82A9-A0F997BA588C)]
Skype add-on (regente) - C: \ Arquivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll [2008-06-04 1404928]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0)]
AVG Safe Search

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C)]
IEVkbdBHO Classe - C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (72853161-30C5-4D22-B7F9-0BBC1D38A37E)]
Groove GFS Browser Helper - C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (761497BB-D6F0-462C-B6EB-D4DAF1D92D43)]
SSVHelper Class - C: \ Arquivos de programa \ Java \ jre6 \ bin \ ssv.dll [2008-10-28 320920]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7E853D72-626A-48EC-A868-BA8D5E23E045)]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (9030D464-4C02-4ABF-8ECC-5164760863C6)]
Windows Live Aplicación auxiliar de inicio de sesión - C: \ Arquivos de programa \ Arquivos comuns \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (C08DF07A-3E49-4E25-9AB0-D3882835F153)]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (DBC80044-A445-435b-BC74-9C25C1C588A9)]
Java (tm) Plug-In 2 SSV Helper - C: \ Arquivos de programa \ Java \ jre6 \ bin \ jp2ssv.dll [2008-10-28 34816]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (E7E6F031-17CE-4C07-BC86-EABFE594F69C)]
JQSIEStartDetectorImpl Classe - C: \ Arquivos de programa \ Java \ jre6 \ lib \ implantar \ jqs \ IE \ jqs_plugin.dl l [2008-10-28 73728]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Arquivos de programa \ Yahoo! \ Companion \ installs \ CPN \ yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run]
"IMJPMIG8.1" = C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EX E [2008-04-14 208952]
"PHIME2002ASync" = C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A" = C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE [2008-04-14 455168]
"GrooveMonitor" = C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveMonitor.exe [2007-08-24 33648]
"SigmatelSysTrayApp" = C: \ Arquivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe [2007/05/10 405504]
"Broadcom Wireless Manager UI" = C: \ WINDOWS \ system32 \ WLTRAY.exe [2006/11/01 1392640]
"HP Software Update" = C: \ Arquivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe [2006-12-11 49152]
"Adobe Reader Speed Launcher" = C: \ Arquivos de programa \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe [2008-06-12 34672]
"QuickTime Task" = C: \ Arquivos de programa \ QuickTime \ QTTask.exe [2008/05/27 413696]
"StatusClient" = C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe [2002-12-17 36864]
"TomcatStartup" = C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe [2003/04/01 155648]
"HPLJ Config" = c: \ Archivos de programa \ Hewlett-Packard \ hp LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-pn DOT4_001 HP LaserJet 1150 PCL 5e-n 0-l 1033-sl 120000 []
"SynTPEnh" = C: \ Arquivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe [2007/12/07 1024000]
"SunJavaUpdateSched" = C: \ Arquivos de programa \ Java \ jre6 \ bin \ jusched.exe [2008/10/28 136600]
"igfxtray" = C: \ WINDOWS \ system32 \ igfxtray.exe [2006-09-15 94208]
"igfxhkcmd" = C: \ WINDOWS \ system32 \ hkcmd.exe [2006-09-15 77824]
"igfxpers" = C: \ WINDOWS \ system32 \ igfxpers.exe [2006/09/15 118784]
"AVP" = C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntVersion \ Run]
"Ctfmon.exe" = C: \ WINDOWS \ system32 \ ctfmon.exe [2008-04-14 15360]
"Messenger (Yahoo!)" = C: \ Arquivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe [2008/11/05 4347120]

C: \ Documents and Settings \ All Users.WINDOWS \ Menú Inicio \ Programas \ Inicio
Búsqueda en el escritorio de Windows.lnk - C: \ Arquivos de programa \ Windows Desktop Search \ WindowsSearch.exe

C: \ Documents and Settings \ Mauricio \ Menú Inicio \ Programas \ Inicio
Recorte de tela e Inicio rápido de OneNote 2007.lnk - C: \ Arquivos de programa \ Microsoft Office \ Office12 \ ONENOTEM.EXE

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = "C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archív ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ igfxcui]
C: \ WINDOWS \ system32 \ igfxdev.dll [2006/09/15 139264]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ klogon]
C: \ WINDOWS \ system32 \ klogon.dll [2008/07/29 218376]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks]
"(B5A7F190-DDA6-4420-B3BA-52453494E6CD)" = C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = C: \ Arquivos de programa \ Windows Desktop Search \ MSNLNamespaceMgr.dll [2007/02/06 294400]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntVersion \ Policies \ Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ standard profile \ authorizedapplications \ list]
"C: \ WINDOWS \ system32 \ Sessmgr.exe" = "C: \ WINDOWS \ syst em32 \ Sessmgr.exe: *: Disabled: @ Xpsp2res.dll, -22019"
"C: \ Arquivos de programa \ Ares \ Ares.exe" = "C: \ Arquivos de programa \ Ares \ Ares.exe: *: Disabled: Ares p2p for windows"
"C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe" = "C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe: *: Disabled: @ Xpsp3res.dll, -20000"
"C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e" = "C: \ Arquivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e: *: Disabled: javaw "
"C: \ WINDOWS \ system32 \ mmc.exe" = "C: \ WINDOWS \ system32 \ mmc.exe: *: Disabled: Microsoft Management Console"
"C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GROOVE.EXE" = "C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GROOVE.EXE: *: Disabled: Microsoft Office Groove"
"C: \ Arquivos de programa \ Microsoft Office \ Office12 \ Onenote.exe" = "C: \ Arquivos de programa \ Microsoft Office \ Office12 \ Onenote.exe: *: Disabled: Microsoft Office OneNote"
"C: \ Arquivos de programa \ Microsoft Office \ Office12 \ OUTLOOK.EXE" = "C: \ Arquivos de programa \ Microsoft Office \ Office12 \ OUTLOOK.EXE: *: Disabled: Microsoft Office Outlook"
"C: \ Arquivos de programa \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Arquivos de programa \ Windows Live \ Messenger \ msnmsgr.exe: *: Disabled: Windows Live Messenger"
"C: \ Arquivos de programa \ Windows Live \ Messenger \ livecall.exe" = "C: \ Arquivos de programa \ Windows Live \ Messenger \ livecall.exe: *: Disabled: Windows Live Messenger (Telefone)"
"C: \ Arquivos de programa \ Messenger \ msmsgs.exe" = "C: \ Arquivos de programa \ Messenger \ msmsgs.exe: *: Disabled: Windows Messenger"
"C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ Inglês \ setup.exe" = "C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ Inglês \ setup.exe: *: Disabled: Kaspersky Internet Security 2009 Setup "
"C: \ Arquivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe" = "C: \ Arquivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe: *: Disabled: Yahoo! Messenger"
"C: \ Arquivos de programa \ AVG \ AVG8 \ avgupd.exe" = "C: \ Arquivos de programa \ AVG \ AVG8 \ avgupd.exe: *: Enabled: avgupd.exe"
"C: \ Arquivos de programa \ Skype \ Phone \ Skype.exe" = "C: \ Arquivos de programa \ Skype \ Phone \ Skype.exe: *: Enabled: Skype"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"
"% windir% \ system32 \ Sessmgr.exe" = "% windir% \ system32 \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Arquivos de programa \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Arquivos de programa \ Windows Live \ Messenger \ msnmsgr.exe: *: Enabled: Windows Live Messenger"
"C: \ Arquivos de programa \ Windows Live \ Messenger \ livecall.exe" = "C: \ Arquivos de programa \ Windows Live \ Messenger \ livecall.exe: *: Enabled: Windows Live Messenger (Telefone)"

====== List of files/folders created in the last 1 month ======

2008-11-29 23:03:33 ---- D ---- C: \ rsit
2008-11-29 22:41:40 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ Malwarebytes
2008-11-29 22:41:23 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Malwarebytes
2008-11-29 22:41:23 ---- D ---- C: \ Arquivos de programa \ Malwarebytes' Anti-Malware
2008-11-29 09:19:41 SH ---- ---- C: \ WINDOWS \ system32 \ dhtngaxu.ini
2008-11-27 22:05:52 SH ---- ---- C: \ WINDOWS \ system32 \ pugslxae.ini
2008-11-26 22:03:57 SH ---- ---- C: \ WINDOWS \ system32 \ eukkiphh.ini
2008-11-25 19:41:04 ---- D ---- C: \ WINDOWS \ ERUNT
2008-11-25 11:01:26 SH ---- ---- C: \ WINDOWS \ system32 \ lulxsfxo.ini
2008-11-24 21:19:15 ---- D ---- C: \ SDFix
2008-11-24 07:58:30 SH ---- ---- C: \ WINDOWS \ system32 \ xgvvibbj.ini
2008-11-22 08:27:10 SH ---- ---- C: \ WINDOWS \ system32 \ pqukverl.ini
2008-11-21 21:52:02 ---- D ---- C: \ Arquivos de programa \ Trend Micro
2008-11-21 08:24:21 SH ---- ---- C: \ WINDOWS \ system32 \ daulyqnk.ini
2008-11-21 07:57:32 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ Desktopicon
2008-11-21 07:57:23 ---- D ---- C: \ Arquivos de programa \ Unlocker
2008-11-20 08:08:07 ---- A ---- C: \ WINDOWS \ Ntbtlog.txt
2008-11-19 23:33:53 SH ---- ---- C: \ WINDOWS \ system32 \ hhgdaqoj.ini
2008-11-19 20:40:38 ---- D ---- C: \ WINDOWS \ system32 \ NtmsData
2008-11-19 00:35:14 ---- D ---- C: \ WINDOWS \ RegisteredPackages
2008-11-19 00:18:12 ---- N ---- C: \ WINDOWS \ system32 \ pxcpya64.exe
2008-11-19 00:17:54 ---- N ---- C: \ WINDOWS \ system32 \ pxinsa64.exe
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ vxblock.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxwave.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxsfs.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxmas.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxhpinst.exe
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxdrv.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxafs.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ px.dll
2008-11-19 00:16:06 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ Winamp
2008-11-19 00:16:06 ---- D ---- C: \ Arquivos de programa \ Winamp
2008-11-18 23:18:58 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Kaspersky Lab
2008-11-18 23:18:58 ---- D ---- C: \ Arquivos de programa \ Kaspersky Lab
2008-11-18 22:53:33 SH ---- ---- C: \ WINDOWS \ system32 \ gpifbath.ini
2008-11-18 22:53:08 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Yahoo! Companion
2008-11-18 22:52:54 ---- A ---- C: \ WINDOWS \ system32 \ ff326d9d-.txt
2008-11-18 22:49:38 ASH ---- ---- C: \ WINDOWS \ system32 \ OrBIOqss.ini
2008-11-18 21:50:39 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Kaspersky Lab Setup Files
2008-11-18 21:50:11 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Avg8
2008-11-18 21:01:02 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ Yahoo!
2008-11-18 21:00:55 ---- D ---- C: \ Arquivos de programa \ Yahoo!
2008-11-16 18:22:11 ---- A ---- C: \ WINDOWS \ system32 \ igfxres.dll
2008-11-16 18:14:28 ---- A ---- C: \ WINDOWS \ system32 \ iAlmCoIn_v4693.dll
2008-11-16 18:14:04 ---- D ---- C: \ Arquivos de programa \ Lenovo
2008-11-16 18:13:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ InstallShield
2008-11-16 17:07:04 ---- D ---- C: \ Arquivos de programa \ Ares
2008-11-16 07:56:56 ---- HDC ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (51019853-129-4EDE-9030-D5FD7BBD9AD0)
2008-11-16 07:50:56 ---- N ---- C: \ WINDOWS \ system32 \ spmsg2.dll
2008-11-16 07:50:46 ---- HDC ---- C: \ WINDOWS \ $ $ NtUninstallXPSEPSCLP
2008-11-16 07:45:41 ---- D ---- C: \ WINDOWS \ system32 \ XPSViewer
2008-11-16 07:45:33 ---- D ---- C: \ WINDOWS \ system32 \ pt-BR
2008-11-16 07:45:22 ---- D ---- C: \ Arquivos de programa \ Reference Assemblies
2008-11-16 07:43:37 ---- N ---- C: \ WINDOWS \ system32 \ prntvpt.dll
2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpssvcs.dll
2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpsshhdr.dll
2008-11-16 07:43:35 ---- D ---- C: \ 5f1fa5494e63fddfbdfa29aa67bcdc5a
2008-11-16 07:32:05 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ DriverScanner
2008-11-16 07:30:14 ---- HDC ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F)
2008-11-16 07:27:18 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ Uniblue
2008-11-16 07:26:25 ---- D ---- C: \ Arquivos de programa \ Uniblue
2008-11-16 07:25:46 ---- HDC ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185)
2008-10-31 20:38:38 ---- A ---- C: \ WINDOWS \ system32 \ vfwwdm32.dll
2008-10-30 19:39:53 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ QuickTime
2008-10-30 19:39:05 ---- D ---- C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems
2008-10-30 19:38:30 ---- D ---- C: \ Arquivos de programa \ InterVideo Information Service
2008-10-30 19:38:30 ---- D ---- C: \ Arquivos de programa \ Archivos comunes \ Ulead
2008-10-30 19:37:27 ---- D ---- C: \ Arquivos de programa \ Archivos comunes \ InterVideo
2008-10-30 19:37:22 ---- D ---- C: \ Arquivos de programa \ InterVideo
2008-10-30 19:37:22 ---- A ---- C: \ WINDOWS \ mws.exe
2008-10-30 19:37:13 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ InterVideo
2008-10-30 19:36:31 ---- D ---- C: \ Arquivos de programa \ Digital Camera

====== Lista dos arquivos / pastas modificadas nos últimos 1 mês ======

2008-11-29 23:02:55 ---- D ---- C: \ WINDOWS \ Temp
2008-11-29 23:01:22 ---- D ---- C: \ Arquivos de programa \ Mozilla Firefox
2008-11-29 22:59:43 ---- D ---- C: \ WINDOWS
2008-11-29 22:58:13 ---- D ---- C: \ WINDOWS \ system32 \ drivers
2008-11-29 22:58:13 ---- D ---- C: \ WINDOWS \ system32
2008-11-29 22:57:31 ---- A ---- C: \ WINDOWS \ SchedLgU.Txt
2008-11-29 22:41:23 ---- RD ---- C: \ Arquivos de programa
2008-11-29 09:39:51 ---- D ---- C: \ Arquivos de programa \ Mozilla Thunderbird
2008-11-28 20:28:20 ---- D ---- C: \ WINDOWS \ system32 \ CatRoot2
2008-11-26 00:42:28 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ Skype
2008-11-25 22:39:44 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ skypePM
2008-11-21 09:46:32 ---- A ---- C: \ WINDOWS \ system32 \ PerfStringBackup.INI
2008-11-21 08:20:19 ---- A ---- C: \ WINDOWS \ OEWABLog.txt
2008-11-21 01:29:03 ---- SHD ---- C: \ System Volume Information
2008-11-21 01:29:03 ---- D ---- C: \ WINDOWS \ system32 \ Restore
2008-11-21 00:01:59 ---- D ---- C: \ Program Files
2008-11-20 12:39:56 ---- D ---- C: \ WINDOWS \ prefetch
2008-11-20 08:14:06 ---- SHD ---- C: \ recycler
2008-11-20 08:09:06 ---- D ---- C: \ Documents and Settings
2008-11-19 20:08:01 ---- D ---- C: \ WINDOWS \ Help
2008-11-19 20:00:27 ---- D ---- C: \ WINDOWS \ system32 \ config
2008-11-19 07:15:53 ---- D ---- C: \ WINDOWS \ security
2008-11-19 00:45:38 ---- D ---- C: \ WINDOWS \ Debug
2008-11-19 00:45:24 ---- HD ---- C: \ WINDOWS \ inf
2008-11-19 00:42:49 ---- ---- RSHDC C: \ WINDOWS \ system32 \ dllcache
2008-11-18 23:26:21 ---- SHD ---- C: \ WINDOWS \ Installer
2008-11-18 23:26:18 ---- HD ---- C: \ Config.Msi
2008-11-18 22:54:46 ---- D ---- C: \ WINDOWS \ rede de diagnóstico
2008-11-18 22:39:38 ---- SD ---- C: \ WINDOWS \ Tasks
2008-11-18 22:05:01 ---- RSD ---- C: \ WINDOWS \ Fonts
2008-11-18 20:27:00 RASH ---- ---- C: \ boot.ini
2008-11-16 21:31:33 ---- D ---- C: \ WINDOWS \ Microsoft.NET
2008-11-16 21:31:31 ---- RSD ---- C: \ WINDOWS \ assembly
2008-11-16 19:29:33 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ ZoomBrowser EX
2008-11-16 19:12:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ Dados de programa \ CameraWindowDC
2008-11-16 18:19:17 DC ---- ---- C: \ WINDOWS \ system32 \ DRVSTORE
2008-11-16 18:18:59 ---- D ---- C: \ Arquivos de programa \ Broadcom
2008-11-16 18:15:38 ---- D ---- C: \ WINDOWS \ system32 \ ReinstallBackups
2008-11-16 18:14:04 ---- HD ---- C: \ Arquivos de programa \ InstallShield Installation Information
2008-11-16 18:12:53 ---- D ---- C: \ drivers
2008-11-16 18:00:33 ---- D ---- C: \ Arquivos de programa \ VideoLAN
2008-11-16 17:49:54 ---- D ---- C: \ i386
2008-11-16 07:51:08 ---- A ---- C: \ WINDOWS \ imsins.BAK
2008-11-16 07:50:04 ---- D ---- C: \ WINDOWS \ system32 \ es-ES
2008-11-16 07:45:35 ---- D ---- C: \ Arquivos de programa \ MSBuild
2008-11-16 07:41:29 ---- D ---- C: \ WINDOWS \ winSxS
2008-10-30 19:40:39 ---- D ---- C: \ Arquivos de programa \ Google
2008-10-30 19:39:05 ---- D ---- C: \ Arquivos de programa \ Archivos comunes
2008-10-30 19:36:32 ---- D ---- C: \ WINDOWS \ system

====== Lista dos maquinistas (R = Running, S = Stopped, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======

R1 intelppm; Controlador de procesador Intel; C: \ WINDOWS \ system32 \ DRIVERS \ Intelppm.sys [2008-04-14 40576]
R1 KLIF; Kaspersky Lab Driver; C: \ WINDOWS \ system32 \ DRIVERS \ klif.sys [2008-11-18 213008]
R3 BCM43XX; Controlador de la tarjeta de red inalámbrica WLAN de Dell; C: \ WINDOWS \ system32 \ DRIVERS \ bcmwl5.sys [2006/10/12 604928]
R3 bcm4sbxp; Broadcom 440x 10/100 Integrated Controller Driver XP; C: \ WINDOWS \ system32 \ DRIVERS \ bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt; Controlador de bateria de método de controle ACPI de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ CmBatt.sys [2008-04-14 13952]
R3 HDAudBus; Controlador de bus de Microsoft UAA para High Definition Audio; C: \ WINDOWS \ system32 \ DRIVERS \ Hdaudbus.sys [2008-04-14 144384]
R3 ialm; ialm; C: \ WINDOWS \ system32 \ DRIVERS \ ialmnt5.sys [2006-09-15 1173468]
R3 Iviaspi; IVI ASPI Shell; C: \ WINDOWS \ system32 \ drivers \ iviaspi.sys [2006-11-22 16024]
R3 klim5; Kaspersky Anti-Virus NDIS Filter; C: \ WINDOWS \ system32 \ DRIVERS \ klim5.sys [2008-04-30 24592]
R3 NWADI; NWADI Bus Enumerator; C: \ WINDOWS \ system32 \ DRIVERS \ NWADIenum.sys [2006-03-27 74752]
R3 STHDA; SigmaTel High Definition Audio CODEC; C: \ WINDOWS \ system32 \ drivers \ sthda.sys [2007/05/10 1222840]
R3 SynTP; Synaptics Touchpad Driver, C: \ WINDOWS \ system32 \ DRIVERS \ SynTP.sys [2007/12/07 220032]
R3 usbehci; Controlador minipuerto de la controladora Mejorada USB 2.0 de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ Usbehci.sys [2008-04-14 30208]
R3 usbhub; Concentrador habilitado USB2; C: \ WINDOWS \ system32 \ DRIVERS \ usbhub.sys [2008-04-14 59520]
R3 usbuhci; Controlador minipuerto de la controladora de host USB universal de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ Usbuhci.sys [2008-04-14 20608]
S3 CatchMe; CatchMe; \? \ C: \ DOCUME ~ 1 \ Mauricio \ CONFIG ~ 1 \ Temp \ catchme.sys []
S3 CCDECODE; Descodificador de título cerrado; C: \ WINDOWS \ system32 \ DRIVERS \ CCDECODE.sys [2008-04-14 17024]
S3 DOT4; Controlador IEEE MS-1284,4; C: \ WINDOWS \ system32 \ DRIVERS \ Dot4.sys [2008-04-14 206976]
S3 Dot4Print; Controlador de clase de impresión para IEEE-1284,4; C: \ WINDOWS \ system32 \ DRIVERS \ Dot4Prt.sys [2001-08-18 12928]
S3 dot4usb; MS Dot4USB Filtro Filtro Dot4USB; C: \ WINDOWS \ system32 \ DRIVERS \ dot4usb.sys [2001-08-23 24064]
S3 hidusb; Controlador de clases HID de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ hidusb.sys [2008-04-14 10368]
S3 HPZid412; IEEE-1284,4 Driver HPZid412; C: \ WINDOWS \ system32 \ DRIVERS \ HPZid412.sys [2006-12-03 49920]
S3 HPZipr12; Print Class Driver para IEEE-1284,4 HPZipr12; C: \ WINDOWS \ system32 \ DRIVERS \ HPZipr12.sys [2006-12-03 16496]
S3 HPZius12; USB para IEEE-1284,4 Tradução Driver HPZius12; C: \ WINDOWS \ system32 \ DRIVERS \ HPZius12.sys [2006-12-03 21568]
S3 mouhid; Controlador HID de rato; C: \ WINDOWS \ system32 \ DRIVERS \ mouhid.sys [2001-08-24 12416]
S3 MSTEE; Convertidor Tee / Sink-to-Sink de transferencia de Microsoft, C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC; Codec NABTS / FEC VBI; C: \ WINDOWS \ system32 \ DRIVERS \ NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP; Conexión de TV / Vídeo de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ NdisIP.sys [2008-04-14 10880]
S3 PCASp50; PCASp50 NDIS Protocol Driver; C: \ WINDOWS \ System32 \ Drivers \ PCASp50.sys [2006-04-10 18560]
S3 SLIP; BDA Slip De-framer, C: \ WINDOWS \ system32 \ DRIVERS \ SLIP.sys [2008-04-14 11136]
S3 streamip; Receptor BDA IP; C: \ WINDOWS \ system32 \ DRIVERS \ StreamIP.sys [2008-04-14 15232]
S3 usbccgp; PRIMARIO Controlador USB genérico de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ Usbccgp.sys [2008-04-14 32128]
S3 usbprint; Clase de Impresora USB de Microsoft, C: \ WINDOWS \ system32 \ DRIVERS \ Usbprint.sys [2008-04-14 25856]
S3 usbscan; Controlador de escáner USB; C: \ WINDOWS \ system32 \ DRIVERS \ usbscan.sys [2008-04-14 15104]
S3 USBSTOR; Dispositivo de almacenamiento masivo de dados USB; C: \ WINDOWS \ system32 \ DRIVERS \ USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo; Dispositivo de vídeo USB (WDM); C: \ WINDOWS \ System32 \ Drivers \ usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC; Codec de teletexto standard mundial; C: \ WINDOWS \ system32 \ DRIVERS \ WSTCODEC.SYS [2008-04-14 19200]
S4 WS2IFSL; Entorno de compatibilidad con Fornecedores de serviços de qualquer IFS do Windows Socket 2.0; C: \ WINDOWS \ system32 \ drivers \ ws2ifsl.sys [2001-08-24 12032]

====== Lista de serviços (R = Running, S = Stopped, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======

R2 AVP; Kaspersky Anti-Virus; C: \ Arquivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088]
R2 CCALib8; Canon Camera Access Library 8; C: \ Arquivos de programa \ Canon \ CAL \ CALMAIN.exe [2007-01-31 96370]
R2 hpqddsvc; Servicio HP CUE DeviceDiscovery; C: \ WINDOWS \ system32 \ svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService; Java Quick Starter; C: \ Arquivos de programa \ Java \ jre6 \ bin \ jqs.exe [2008-10-28 152984]
R2 Net Driver HPZ12; Net Driver HPZ12; C: \ WINDOWS \ System32 \ svchost.exe [2008-04-14 14336]
R2 PML Driver HPZ12; PML Driver HPZ12; C: \ WINDOWS \ System32 \ svchost.exe [2008-04-14 14336]
R2 UleadBurningHelper; Ulead Burning Helper; C: \ Arquivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf; Windows User Mode Driver Framework, C: \ WINDOWS \ system32 \ Wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc; Dell Wireless WLAN Tray Service; C: \ WINDOWS \ System32 \ WLTRYSVC.EXE [2006-11-01 20480]
R2 WSearch; Búsqueda de Windows, C: \ WINDOWS \ system32 \ SearchIndexer.exe [2007/02/06 300032]
R3 hpqcxs08; hpqcxs08; C: \ WINDOWS \ system32 \ svchost.exe [2008-04-14 14336]
S3 aspnet_state; ASP.NET Serviço de Estado; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ aspn et_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;. NET Runtime Optimization Service v2.0.50727_X86; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ msco rsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0; Windows Presentation Foundation Font Cache 3.0.0.0; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ wpf \ présen tationFontCache.exe [2008-07-29 46104]
S3 idsvc; Windows CardSpace, C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service; Microsoft Office Groove Audit Service; C: \ Arquivos de programa \ Microsoft Office \ Office12 \ GrooveAuditService.exe [2007-08-24 68464]
S3 odserv; Microsoft Office Diagnostics Service; C: \ Arquivos de programa \ Arquivos comuns \ Microsoft Shared \ OFFICE12 \ ODSERV.EXE [2007-08-24 443776]
S3 ose; Office Source Engine; C: \ Arquivos de programa \ Arquivos comuns \ Microsoft Shared \ Source Engine \ Ose.exe [2006-10-26 145184]
S3 usnjsvc; Lector del Servicio diario USN de Carpetas para compartilhar de Messenger, C: \ Arquivos de programa \ Windows Live \ Messenger \ usnsvc.exe [2007-10-19 98328]
S3 WLSetupSvc; Windows Live Setup Service; C: \ Arquivos de programa \ Windows Live \ installer \ WLSetupSvc.exe [2007-10-26 266240]
S4 NetTcpPortSharing; Net.Tcp Port Sharing Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ SMSvcHost.exe [2008-07-29 132096]
S4 Zumie Search Service; Zumie Search Service; C: \ Arquivos de programa \ Zumie \ zumie.exe C: \ Arquivos de programa \ Zumie \ zumie.dll Service []

----------------- ----------------- EOF
  #8  
Old November 29, 2008, 08:11
Group Member
 

info.txt logfile aleatório do sistema de informação ferramenta 1/04 2008/11/29 23:03:46

====== Uninstall list ======

-> "C: \ Arquivos de programa \ InstallShield Installation Information \ (F37167DD-4436-4641-90B6-329D60632DDA) \ Setup.exe" REMOVEALL - u: (F37167DD-4436-4641-90B6-329D60632DDA)
-> Rundll32 C: \ Archív ~ 1 \ Archív ~ 1 \ INSTAL ~ 1 \ profis ~ 1 \ Runtime \ 070 1 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Arquivos de programa \ InstallShield Installation Information \ (FA7621DC - 7144-4A24-973C-B9BC0E945628) \ setup.exe "-l0x9
-> rundll32.exe setupapi.dll, DefaultUnInstall InstallHinfSection 132 C: \ WINDOWS \ INF \ PCHealth.inf
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-0015-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-0016-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-0018-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-0019-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-001A-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-001B-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0403-0000-0000000FF1CE) / uninstall (A5B6B786-2D6F-4B75-940F-42B32D01D146)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0409-0000-0000000FF1CE) / uninstall (3EC77D26-4CD8-799B-914F-C1565E796173)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-001F-040C-0000-0000000FF1CE) / uninstall (430971B1-C31E-45DA-81E0-72C095BAB72C)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0416-0000-0000000FF1CE) / uninstall (669EB263-0AFE-4FCB-A068-DB082CA6273C)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-001F-0C0A-0000-0000000FF1CE) / uninstall (F7A31780-33C4-4E39-951A-5EC9B91D7BF1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (BEE75E01-DD3F-4D5F-B96C-609E6538D419)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-006E-0C0A-0000-0000000FF1CE) / uninstall (35B14BD6-6042-4A55-B326-58309DC8C72A)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-00A1-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
Microsoft Office 2007 Service Pack 1 (SP1) -> msiexec / package (90120000-00BA-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
32 Bits HP CIO Components Installer -> MsiExec.exe / I (F1E63043-54FC-429B-AB2C-31AF9FBA4BC7)
Acrobat.com--> C: \ Arquivos de programa \ Arquivos comuns \ Adobe AIR \ Versões \ 1.0 \ Adobe AIR Application Installer.exe-uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com--> MsiExec.exe / I (77DCDCE3-2DED-62F3-8154-05E745472D07)
Actualización de seguridad para Windows XP (KB923789) -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ genuinst.exe C: \ WINDOWS \ system32 \ Macromed \ Flash \ KB923789.inf
Actualización de seguridad para Windows XP (KB950759 )-->" C: \ WINDOWS \ $ NtUninstallKB950759 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB950760 )-->" C: \ WINDOWS \ $ NtUninstallKB950760 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB950762 )-->" C: \ WINDOWS \ $ NtUninstallKB950762 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB951376-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951376-v2 $ \ spuninst \ spuninst.exe "
Actualización de seguridad para Windows XP (KB951698 )-->" C: \ WINDOWS \ $ NtUninstallKB951698 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB951748 )-->" C: \ WINDOWS \ $ NtUninstallKB951748 $ \ spuninst \ spunin st.exe "
Actualización para Windows XP (KB898461 )-->" C: \ WINDOWS \ $ NtUninstallKB898461 $ \ spuninst \ spunin st.exe "
Actualización para Windows XP (KB942763 )-->" C: \ WINDOWS \ $ NtUninstallKB942763 $ \ spuninst \ spunin st.exe "
Actualización para Windows XP (KB951072-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951072-v2 $ \ spuninst \ spuninst.exe "
Actualización para Windows XP (KB951978 )-->" C: \ WINDOWS \ $ NtUninstallKB951978 $ \ spuninst \ spunin st.exe "
Adobe AIR -> MsiExec.exe / I (197A3012-8C85-4FD3-AB66-9EC7E13DB92E)
Adobe Flash Player 10 ActiveX -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ uninstall_acti veX.exe
Adobe Flash Player Plugin -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ uninstall_plug in.exe
Adobe Reader 9 -> MsiExec.exe / I (AC76BA86-7AD7-1033-7B44-A90000000001)
Apple Software Update -> MsiExec.exe / I (02DFF6B1-1654-411C-8D7B-FD6052EF016F)
Ares 2.0.9 -> "C: \ Arquivos de programa \ Ares \ uninstall.exe"
AVIConverter 3.0 -> C: \ Arquivos de programa \ AVIConverter \ Uninst.exe
Barra Yahoo! com bloqueador de ventanas emergentes -> C: \ Archív ~ 1 \ Yahoo! \ Common \ unyt.exe
Broadcom 440x 10/100 Integrated Controller -> MsiExec.exe / X (612B9183-67A9-4B44-9877-2F059E35B86A)
Broadcom WLAN -> C: \ Arquivos de programa \ InstallShield Installation Information \ (13191B3F-D711-4906-81B3-5C47E031B235) \ setup.exe-runfromtemp-l0x000a-removeonly
Búsqueda en el escritorio de Windows 3.01 -> "C: \ WINDOWS \ $ NtUninstallKB917013 $ \ spuninst \ spunin st.exe"
Canon Camera Access Library -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CAL \ Uninst.ini"
Canon Camera Support Core Library -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CSCLIB \ Uninst.ini"
Canon G.726 WMP-Decoder -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ G726Decoder \ G726DecUnInstall.ini"
Canon MovieEdit tarefa para ZoomBrowser EX -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ ZoomBrowser EX \ Program \ MVWUninst.ini "
Canon RAW Image Task para ZoomBrowser EX -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ RAW Image Task \ Uninst.ini "
Canon Utilities CameraWindow DC_DV 5 para ZoomBrowser EX -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CameraWindow \ CameraWindowDVC \ uninst. ini "
Canon Utilities CameraWindow DC_DV 6 para ZoomBrowser EX -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CameraWindow \ CameraWindowDVC6 \ Unins t . ini "
Canon Utilities CameraWindow DC -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CameraWindow \ CameraWindowDC \ uninst. Ini"
Canon Utilities CameraWindow -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CameraWindow \ CameraWindowLauncher \ U ninst.ini"
Canon EOS Utilitário Utilitários -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ EOS Utility \ Uninst.ini"
Canon Utilities MyCamera DC -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CameraWindow \ MyCameraDC \ Uninst.ini"
Canon Utilities MyCamera -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CameraWindow \ MyCamera \ Uninst.ini"
Canon Utilities PhotoStitch -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ PhotoStitch \ Uninst.ini"
Canon Utilities RemoteCapture tarefa para ZoomBrowser EX -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ CameraWindow \ RemoteCaptureTask DC \ uninst. ini "
Canon Utilities ZoomBrowser EX -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ ZoomBrowser EX \ Program \ Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility -> "C: \ Arquivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Arquivos de programa \ Canon \ ZoomBrowser EX MCU \ Uninst.ini"
Chinês Simplificado Fontes Suporte para o Adobe Reader 9 -> MsiExec.exe / I (AC76BA86-7AD7-2447-0000-900000000003)
Dell Mobile Broadband Card Utility -> MsiExec.exe / X (DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28)
Dell Wireless WLAN Card -> "C: \ Arquivos de programa \ Dell \ Dell Wireless WLAN Card \ bcmwlu00.exe" verbose / rootkey = "Software \ Broadcom \ 802,11 \ UninstallInfo" / RootDir = "C: \ Arquivos de programa \ Dell \ Dell Wireless WLAN Card "
Diccionario Cambridge Klett Compact -> C: \ WINDOWS \ IsUn040a.exe-f "C: \ Arquivos de programa \ Cambridge \ ENS001CP \ Uninst.isu"
Digital Camera Driver -> C: \ Archív ~ 1 \ digita ~ 2 \ UNWISE.EXE C: \ Archív ~ 1 \ digita ~ 2 \ INSTALL.LOG
HijackThis 2.0.2 -> "C: \ Arquivos de programa \ Trend Micro \ HijackThis \ HijackThis.exe" / uninstall
Hotfix para o Microsoft. NET Framework 3,5 SP1 (KB953595) -> C: \ WINDOWS \ system32 \ msiexec.exe / package (CE2CDD62-0124-84D3-36CA-9F4DCF5C5BD9) / uninstall / qb + REBOOTPROMPT = ""
HP LaserJet 1150 / 1300 -> MsiExec.exe / x (1485B7CD-4CBD-4039-8EAE-5A22993D7F54)
HP Officejet J3500 Series -> C: \ Arquivos de programa \ HP \ Digital Imaging \ (B1D1B548-BD7D-40f9-80A4-A247E44BFCF4) \ setup \ hpzscr01.exe-datfile hpwscr15.dat
HP Smart Web Printing -> MsiExec.exe / X (415CDA53-9100-476F-A7B2-476691E117C7)
HP Update -> MsiExec.exe / X (8C6027FD-53DC-446D-BB75-CACD7028A134)
Intel (R) Graphics Media Accelerator Driver for Mobile -> RUNDLL32.EXE C: \ WINDOWS \ system32 \ ialmrem.dll, UninstallW2KIGfx2I D PCI \ VEN_8086 & DEV_2792 PCI \ VEN_8086 & DEV_2592
InterVideo MediaOne Galeria -> Rundll32 C: \ Archív ~ 1 \ Archív ~ 1 \ INSTAL ~ 1 \ motor \ 6 \ INTEL3 ~ 1 \ ct or.dll, LaunchSetup "C: \ Arquivos de programa \ InstallShield Installation Information \ (34F0D55F -C386-4195-9A5B-961D3F6ACD46) \ setup.exe "REMOVEALL
Java (TM) 6 Update 10 -> MsiExec.exe / X (26A24AE4-039D-4CA4-87B4-2F83216010FF)
Java (TM) 6 Update 7 -> MsiExec.exe / I (3248F0A8-6813-11D6-A77B-00B0D0160070)
Kaspersky Anti-Virus 2009 -> MsiExec.exe / I (6580C5A3-4EC5-2336-85F1-3448C5F6208A)
Kaspersky Anti-Virus 2009 -> MsiExec.exe / I (6580C5A3-4EC5-2336-85F1-3448C5F6208A)
Malwarebytes' Anti-Malware -> "C: \ Arquivos de programa \ Malwarebytes' Anti-Malware \ unins000.exe"
Microsoft. NET Framework 2.0 Service Pack 2 Language Pack - ESN -> MsiExec.exe / I (85AC0FFA-643D-3103-9310-7086ECB0C36C)
Microsoft. NET Framework 2.0 Service Pack 2 -> MsiExec.exe / I (C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F)
Microsoft. NET Framework 3.0 Service Pack 2 Language Pack - ESN -> MsiExec.exe / I (BDEDB104-4067-3D5E-81F0-DBEBFE856B45)
Microsoft. NET Framework 3.0 Service Pack 2 -> MsiExec.exe / I (A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7)
Microsoft. NET Framework 3,5 Language Pack SP1 - ESN -> MsiExec.exe / I (92E4A65F-7007-3357-A69A-167F71A337BD)
Microsoft. NET Framework 3,5 SP1 -> C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso ft. NET Framework 3,5 SP1 \ setup.exe
Microsoft. NET Framework 3,5 SP1 -> MsiExec.exe / I (CE2CDD62-0124-84D3-36CA-9F4DCF5C5BD9)
Nomes de domínio internacionalizados Microsoft Mitigação APIs -> "C: \ WINDOWS \ $ NtServicePackUninstallIDNMitigationA IPs $ \ spuninst \ spuninst.exe"
Microsoft National Language Support Downlevel APIs -> "C: \ WINDOWS \ $ NtServicePackUninstallNLSDownlevelMa pping $ \ spuninst \ spuninst.exe"
Microsoft Office Access MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-0015-0C0A-0000-0000000FF1CE)
Microsoft Office Enterprise 2007 -> "C: \ Arquivos de programa \ Arquivos comuns \ Microsoft Shared \ OFFICE12 \ Office Setup Controller \ setup.exe" / uninstall ENTERPRISE / dll OSETUP.DLL
Microsoft Office Enterprise 2007 -> MsiExec.exe / X (90120000-0030-0000-0000-0000000FF1CE)
Microsoft Office Excel MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-0016-0C0A-0000-0000000FF1CE)
Microsoft Office Groove MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-00BA-0C0A-0000-0000000FF1CE)
Microsoft Office InfoPath MUI (Espanhol) 2007 (Beta) -> MsiExec.exe / X (30120000-0044-0C0A-0000-0000000FF1CE)
Microsoft Office OneNote MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-00A1-0C0A-0000-0000000FF1CE)
Microsoft Office Outlook MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-001A-0C0A-0000-0000000FF1CE)
Microsoft Office PowerPoint MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-0018-0C0A-0000-0000000FF1CE)
Microsoft Office Proof (basco) 2007 -> MsiExec.exe / X (90120000-001F-042D-0000-0000000FF1CE)
Microsoft Office Proof (catalão) 2007 -> MsiExec.exe / X (90120000-001F-0403-0000-0000000FF1CE)
Microsoft Office Proof (Inglês) 2007 -> MsiExec.exe / X (90120000-001F-0409-0000-0000000FF1CE)
Microsoft Office Proof (francês) 2007 -> MsiExec.exe / X (90120000-001F-040C-0000-0000000FF1CE)
Microsoft Office Proof (Galego) 2007 -> MsiExec.exe / X (90120000-001F-0456-0000-0000000FF1CE)
Microsoft Office Proof (Português (Brasil)) 2007 -> MsiExec.exe / X (90120000-001F-0416-0000-0000000FF1CE)
Microsoft Office Proof (Espanhol) 2007 -> MsiExec.exe / X (90120000-001F-0C0A-0000-0000000FF1CE)
Microsoft Office Proofing (Espanhol) 2007 -> MsiExec.exe / X (90120000-002C-0C0A-0000-0000000FF1CE)
Microsoft Office Publisher MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-0019-0C0A-0000-0000000FF1CE)
Microsoft Office Shared MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-006E-0C0A-0000-0000000FF1CE)
Microsoft Office Word MUI (Espanhol) 2007 -> MsiExec.exe / X (90120000-001B-0C0A-0000-0000000FF1CE)
Microsoft Visual C + + 2005 Redistributable -> MsiExec.exe / X (7299052b-02a4-4627-81f2-1818da5d550d)
Mozilla Firefox (2.0.0.18) -> C: \ Arquivos de programa \ Mozilla Firefox \ uninstall \ helper.exe
Mozilla Thunderbird (2.0.0.18) -> C: \ Arquivos de programa \ Mozilla Thunderbird \ uninstall \ helper.exe
MSN -> C: \ Arquivos de programa \ MSN \ MsnInstaller \ msninst.exe / Ação: ARP
MSXML 4.0 SP2 (KB936181) -> MsiExec.exe / I (C04E32E0-0416-434D-AFB9-6969D703A9EF)
OpenOffice.org 3.0 -> MsiExec.exe / I (F44DA61E-720D-4E79-871F-F6E628B33242)
Paquete de idioma do Microsoft. NET Framework 3,5 SP1 - ESN -> c: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso ft. NET Framework 3,5 Language Pack SP1 - ESN \ setup.exe
QuickTime -> MsiExec.exe / I (08CA9554-B5FE-4313-938F-D4A417B81175)
Revisión para o Windows XP (KB952287 )-->" C: \ WINDOWS \ $ NtUninstallKB952287 $ \ spuninst \ spunin st.exe "
Atualização de segurança para o Excel 2007 (KB946974) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E)
Atualização de segurança para o Microsoft Office Publisher 2007 (KB950114) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85)
Atualização de segurança para o sistema Microsoft Office 2007 (KB951808) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (8F375E11-4FD6-4B89-9E2B-A76D48B51E00)
Atualização de segurança para o Microsoft Office Word 2007 (KB950113) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (AD72BABE-C733-4FCF-9674-4314466191B9)
Atualização de segurança para o Office 2007 (KB947801) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E)
SigmaTel Audio -> Rundll32 C: \ Archív ~ 1 \ Archív ~ 1 \ INSTAL ~ 1 \ profis ~ 1 \ Runtime \ 10 \ 01 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Arquivos de programa \ InstallShield Installation Information \ (A462213D-EED4-42C2-9A60-7BDD4D4B0B17) \ setup.exe "-l0xa-remover-removeonly
Skype ™ 3.8 -> MsiExec.exe / X (5C82DAE5-6EB0-4374-9254-BE3319BA4E82)
Synaptics Pointing Device Driver -> rundll32.exe "C: \ Arquivos de programa \ Synaptics \ SynTP \ SynISDLL.dll", standAloneU ninstall
Uniblue DriverScanner 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe" REMOVA = TRUE MODIFY = FALSO
Uniblue DriverScanner 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe
Uniblue RegistryBooster 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe" REMOVA = TRUE MODIFY = FALSO
Uniblue RegistryBooster 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (51019853-129-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe" REMOVA = TRUE MODIFY = FALSO
Uniblue SpeedUpMyPC 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Dados de programa \ (51019853-129-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe
Unlocker 1.8.7 -> C: \ Arquivos de programa \ Unlocker \ Uninst.exe
Atualização para o Microsoft Office Outlook 2007 (KB952142) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (4AD3A076-427C-491F-A5B7-7D1DE788A756)
Atualização para o Office 2007 (KB946691) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (A420F522-7395-4872-9882-C591B4B92278)
Atualização para Outlook 2007 Junk Email Filter (kb953463) -> msiexec / package (90120000-0030-0000-0000-0000000FF1CE) / uninstall (1B78D541-9FF1-4330-ADD8-CED14F0C1E8E)
Winamp -> "C: \ Arquivos de programa \ Winamp \ UninstWA.exe"
Windows Live Asistente para el inicio de sesión -> MsiExec.exe / I (AFA4E5FD-ED70-4D92-99D0-162FD56DC986)
Windows Live installer -> MsiExec.exe / X (9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1)
Windows Live Messenger -> MsiExec.exe / X (FC411B47-30BF-428C-9C1E-F6C54A94EA7E)
Windows Media Format Runtime -> "C: \ Arquivos de programa \ Windows Media Player \ Wmsetsdk.exe" / UninstallAll
WinRAR Archiver -> C: \ Arquivos de programa \ WinRAR \ uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 -> "C: \ WINDOWS \ $ NtUninstallXPSEPSCLP $ \ spuninst \ spuni nst.exe"
Yahoo! Messenger -> C: \ Archív ~ 1 \ Yahoo! \ Messenger \ UNWISE.EXE / uc: \ Archív ~ 1 \ Yahoo! \ Messenger \ INSTALL.LOG

===== HijackThis Backups =====

O23 - Service: Zumie Search Service - Unknown owner - C: \ Arquivos de programa \ Zumie \ zumie.exe (arquivo ausente)

====== Hosts File ======

127.0.0.1 localhost

====== Security center information ======

AV: Kaspersky Anti-Virus (desatualizado)

====== Ambiente variáveis ======

"ComSpec" =% SystemRoot% \ system32 \ cmd.exe
"Path" =% SystemRoot% \ system32;% SystemRoot%;% SystemRoot% \ System32 \ Wbem; C: \ Arquivos de programa \ QuickTime \ QTSystem \
"windir" =% SystemRoot%
"FP_NO_HOST_CHECK" = NÃO
"SO" = Windows_NT
"PROCESSOR_ARCHITECTURE" = x86
"PROCESSOR_LEVEL" = 6
"PROCESSOR_IDENTIFIER" = x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION" = 0d08
"NUMBER_OF_PROCESSORS" = 1
"PATHEXT" =. COM;. EXE,. MTD;. CMD;. VBS;. VBE;. JS;. Jse,. FSM;. WSH
"TEMP" =% SystemRoot% \ TEMP
"TMP" =% SystemRoot% \ TEMP
"CLASSPATH" =.; C: \ Arquivos de programa \ QuickTime \ QTSystem \ QTJava.zip
"QTJAVA" = C: \ Arquivos de programa \ QuickTime \ QTSystem \ QTJava.zip

----------------- ----------------- EOF
  #9  
Old November 29, 2008, 08:12
Group Member

Default HEUR Trojan Generic

Malwarebytes' Anti-Malware 1/30
Database version: 1433
5/1/2600 Windows Service Pack 3

29/11/2008 10:55:13 pm
mbam-log-2008-11-29 (22-55-13).txt

Scan type: Quick Scan
Objetos digitalizados: 68095
Tempo decorrido: 10 minuto (s), 45 segundo (s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Valores do Registro infectados: 0
Dados de Registro Items Infected: 2
Pastas infectadas: 11
Arquivos infectados: 28

Memory Processes Infected:
(N º itens maliciosos detectados)

Memory Modules Infected:
C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Excluir no reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Excluir no reboot.
HKEY_CLASSES_ROOT \ CLSID \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Excluir no reboot.
HKEY_CLASSES_ROOT \ Interface \ (48e92754-2daf-4de4-8385-34f631580e9b) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ Interface \ (a1c23ba2-8F20-4c01-b663-7ff2b3421194) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ CLSID \ (d37d6c1a-7ba4-47F4-9bf2-75031e257df6) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ TypeLib \ (84562fca-ee8b-4585-a1d1-eae97b23370e) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (098716a9-0310-4cbe-bd64-b790a9761158) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> quarentena e eliminado com sucesso.

Valores do Registro infectados:
(N º itens maliciosos detectados)

Dados de Registro Items Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA \ Authentication Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> Excluir no reboot.

Folders Infected:
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Autorun (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKCU (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKCU \ RunOnce (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKLM (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ HKLM \ RunOnce (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ StartMenu AllUsers (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Autorun \ StartMenu CurrentUser (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ BrowserObjects (Rogue.Multiple) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ rhcvllj0e32r \ Quarantine \ Packages (Rogue.Multiple) -> quarentena e eliminado com sucesso.

Arquivos Infectados:
C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Excluir no reboot.
C: \ WINDOWS \ system32 \ monVyJjl.ini (Trojan.Vundo.H) -> Excluir no reboot.
C: \ WINDOWS \ system32 \ monVyJjl.ini2 (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ egurvpxu.dll (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ uxpvruge.ini (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ ioodgsis.dll (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ sisgdooi.ini (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ olcxvcls.dll (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ slcvxclo.ini (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ qxxiopls.dll (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ slpoixxq.ini (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ tlpvqfqf.dll (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ fqfqvplt.ini (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ yqbfrwpg.dll (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ gpwrfbqy.ini (Trojan.Vundo.H) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ geBqRhEv.dll (Trojan.Vundo) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ jkkKbxWp.dll (Trojan.Vundo) -> quarentena e eliminado com sucesso.
C: \ recycler \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc339.exe (Adware.Seekmo) -> quarentena e eliminado com sucesso.
C: \ recycler \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc340.exe (Adware.Seekmo) -> quarentena e eliminado com sucesso.
C: \ recycler \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc343.exe (Adware.Seekmo) -> quarentena e eliminado com sucesso.
C: \ Arquivos de programa \ Mozilla Firefox \ regxpcom.exe (Trojan.FBrowsingAdvisor) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Configuración local \ Temp \ nsp116.tmp \ blowfish.dll (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Escritorio \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ All Users \ Escritorio \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Dados de programa \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ Mauricio \ Configuración local \ Temp \ lwpwer.exe (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
C: \ Documents and Settings \ TrackerVsrGroup \ Escritorio \ SystemDefender.lnk (Rogue.SystemDefender) -> quarentena e eliminado com sucesso.
  #10  
Old November 29, 2008, 08:14
Group Member

Default HEUR Trojan Generic

Well, there are the 3 logs you asked for; let me know if anything needs to be done.
And thanks a lot for your help and your time.

I really appreciate it.

Kathy.

Copyright © 2006 - 2009 Computer Juice.
