Kuevas

Log Hijackthis


Good evening, friends!

I installed Avast U3 on my Kingston U3 flash drive, and when I updated its data it gave me this message:

- INFECTED OBJECT: E:\AUTORUN.EXE\[uPX]

- MALWARE TYPE: VIRUS/WORM

- MALWARE NAME: WIN32:ROOTKIT-GEN[RTK]

Can any expert tell me what to do? Would this problem be on the flash drive?

Here is the Hijackthis log:

Logfile of HijackThis v1.99.1

Scan saved at 19:49, on 2008-10-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

E:\UTIL\Antivirus Anti-Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.etapa.com.br/wrdb/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://speed.travian.com.br

O15 - Trusted Zone: http://speed-server.travian.com.br

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205789860_349be9ec248706029b3a1d74ecc54b4d&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{891A0DA7-BCDC-487C-A966-91645BD631EE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 19:24, on 08/10/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\PROGRA~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\slserv.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\Program Files\Last.fm\LastFM.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

    C:\Documents and Settings\Anderson\Application Data\U3\0BF10B60F1931A08\LaunchPad.exe

    E:\UTIL\Antivirus Anti-Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.etapa.com.br/wrdb/index.php

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehuni.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

    O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O15 - Trusted Zone: http://speed.travian.com.br

    O15 - Trusted Zone: http://speed-server.travian.com.br

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{891A0DA7-BCDC-487C-A966-91645BD631EE}: NameServer = 200.204.0.10,200.204.0.138

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehabn.dll

    O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehuni.dll

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


    Dear Kuevas

    Welcome to Malware Removal

    I recommend saving this topic to your Favorites to make it easier to find again.

    Please note the following:

    1) I will be following the analysis of your log and will get back to you as soon as possible!

    2) Do not take any action until we begin;

    3) What is given here relates only to the problem on your computer, so do not apply it on any other;

    4) If you have another computer, open a new topic with its own log;

    5) Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;

    6) Always post your replies in this topic... Do not open another one!

    Note: Do not take any measures other than those given here; and if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

    Regards :D


    Dear Kuevas

    Let's get started,

    Download OTListIt and save it to the desktop.

    • Double-click the tool's icon on your desktop.
    • Click Run Scan and let the tool run.
    • When the tool finishes the scan, it will generate two text files:
      • OTViewIt.Txt <- Will open automatically in Notepad
      • Extras.txt <- will be on the desktop
    • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of OTViewIt.Txt and Extras.txt into your next reply.

    Regards :D

  • Topic author
  • OTListIt logfile created on: 10/10/2008 18:17:57 - Run

    OTListIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\Anderson\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 7.0.5730.13)

    Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

    1023.48 Mb Total Physical Memory | 398.50 Mb Available Physical Memory | 38.94% Memory free

    2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.29% Paging File free

    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 116.44 Gb Total Space | 9.43 Gb Free Space | 8.10% Space Free | Partition Type: NTFS

    Drive D: | 116.44 Gb Total Space | 9.75 Gb Free Space | 8.38% Space Free | Partition Type: NTFS

    Drive E: | 116.44 Gb Total Space | 4.58 Gb Free Space | 3.93% Space Free | Partition Type: NTFS

    Drive F: | 116.45 Gb Total Space | 5.39 Gb Free Space | 4.63% Space Free | Partition Type: NTFS

    Drive G: | 73.24 Gb Total Space | 1.02 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

    Drive H: | 38.57 Gb Total Space | 3.15 Gb Free Space | 8.15% Space Free | Partition Type: NTFS

    I: Drive not present or media not loaded

    Drive L: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Drive M: | 1.87 Gb Total Space | 0.24 Gb Free Space | 13.04% Space Free | Partition Type: FAT32

    Computer Name: A64

    Current User Name: Anderson

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Whitelist: On

    File Age = 30 Days

    ========== Processes ==========

    [2008/09/26 20:28:54 | 00,047,080 | ---- | M] () -- C:\Program Files\GbPlugin\gbpsv.exe

    [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

    [2007/02/10 10:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

    [2006/03/09 14:29:00 | 00,143,436 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

    [2004/08/03 23:56:58 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe

    [2007/02/10 10:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

    [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

    [2007/11/07 14:34:50 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe

    [2008/05/28 16:13:28 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe

    [2007/05/11 02:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

    [2007/05/13 11:57:46 | 05,308,416 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe

    [2008/05/04 16:02:26 | 04,603,904 | ---- | M] () -- C:\Documents and Settings\Anderson\Application Data\U3\0BF10B60F1931A08\LaunchPad.exe

    [2008/06/17 21:09:32 | 00,143,976 | ---- | M] (PortableApps.com) -- M:\System\Apps\DBE32832-B0BD-4B71-A9A8-D0873565E545\Data\Firefox.exe

    [2008/09/28 21:29:58 | 00,307,712 | ---- | M] (Mozilla Corporation) -- M:\System\Apps\DBE32832-B0BD-4B71-A9A8-D0873565E545\Data\App\firefox\firefox.exe

    [2008/10/10 18:14:59 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anderson\Desktop\OTListIt.exe

    ========== (O23) Win32 Services ==========

    [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

    [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

    [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

    [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

    [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

    File not found -- -- (GbpSv [unknown | Running])

    [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

    [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

    [2007/02/10 10:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])

    [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])

    [2005/10/14 07:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

    [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])

    [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

    [2006/03/09 14:29:00 | 00,143,436 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

    [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

    [2008/04/07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

    [2004/08/03 23:56:58 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])

    [2007/02/10 10:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])

    [2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])

    [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])

    [2007/11/07 14:34:50 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

    [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

    ========== Driver Services ==========

    [2004/11/17 08:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

    [2006/05/10 10:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

    [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

    [2001/10/02 07:37:40 | 00,017,432 | ---- | M] (lecs Inc.) -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb [Auto | Stopped])

    [2001/08/17 10:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])

    [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

    [2004/08/03 21:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])

    [2004/08/03 21:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])

    [2007/11/29 10:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

    [2007/11/29 10:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

    [2004/08/03 21:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax [On_Demand | Stopped])

    [2006/03/09 14:29:00 | 03,650,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

    [2004/09/02 03:24:38 | 00,082,816 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [boot | Running])

    [2004/10/19 17:01:02 | 00,033,280 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])

    [2004/10/19 17:01:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

    [2004/09/02 03:24:40 | 00,067,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [boot | Running])

    [2007/09/17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

    [2001/08/23 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

    [2004/12/20 15:37:14 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

    [2004/08/03 21:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent [On_Demand | Stopped])

    [2007/11/13 07:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

    [2004/08/03 21:41:44 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr [On_Demand | Running])

    [2004/08/03 21:41:46 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Stopped])

    [2003/01/16 14:19:32 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])

    [2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])

    [2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])

    [2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])

    [2006/07/24 16:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

    [2007/11/29 10:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])

    [2008/04/13 15:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])

    [2007/11/29 10:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

    [2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

    [2004/10/26 20:24:00 | 00,223,104 | R--- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

    ========== Internet Explorer ==========

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.etapa.com.br/wrdb/index.php

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    O1 HOSTS File: (863 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)

    O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)

    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)

    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

    O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

    O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -2817

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html

    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe (Eric Lawrence)

    O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe (Eric Lawrence)

    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

    O15 - HKCU\..Trusted Sites: speed.travian.com.br (http in Trusted sites)

    O15 - HKCU\..Trusted Sites: speed.travian.com.br (https in Trusted sites)

    O15 - HKCU\..Trusted Sites: speed-server.travian.com.br (http in Trusted sites)

    O15 - HKCU\..Trusted Sites: speed-server.travian.com.br (https in Trusted sites)

    O15 - HKCU\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key does not exist or could not be opened.)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab (GbPluginObj Class)

    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.204.0.10,200.204.0.138

    O18 - Protocol\Handler: - ipp - No CLSID value found

    O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll (Microsoft Corporation)

    O18 - Protocol\Handler: - msdaipp - No CLSID value found

    O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll (Microsoft Corporation)

    O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

    O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

    O18 - Protocol\Handler: - saphtmlp - c:\Program Files\Common Files\SAP Shared\System\SAPHTMLP.DLL (SAP AG, Walldorf)

    O18 - Protocol\Handler: - sapr3 - c:\Program Files\Common Files\SAP Shared\System\SAPHTMLP.DLL (SAP AG, Walldorf)

    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - See sections below for AppInitDlls and Winlogon settings

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C}C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

    O22 - SharedTaskScheduler: (scpLIB) - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

    ========== Winlogon Notify Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

    GbPluginAbn: "DllName" = C:\PROGRA~1\GbPlugin\gbiehabn.dll -- C:\Program Files\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

    GbPluginBb: "DllName" = C:\PROGRA~1\GBPLUGIN\gbieh.dll -- C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

    GbPluginUni: "DllName" = C:\PROGRA~1\GbPlugin\gbiehuni.dll -- C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)

    ========== Shell Execute Hooks ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}" (HKLM) -- C:\Program Files\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}" (HKLM) -- C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

    ========== Safeboot Options ==========

    "AlternateShell" = cmd.exe

    ========== CDRom AutoRun Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

    "AutoRun" = 1

    ========== Autorun Files on Drives ==========

    AUTOEXEC.BAT []

    [2008/01/26 14:36:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

    autorun.inf []

    [2008/08/18 10:51:38 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ NTFS ]

    autorun.inf []

    [2008/08/18 10:51:38 00,000,000 | RHSD | M] -- D:\autorun.inf -- [ NTFS ]

    AUTORUN.EXE [MZP | ]

    [2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- E:\AUTORUN.EXE -- [ NTFS ]

    AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

    [2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- E:\AUTORUN.INF -- [ NTFS ]

    AUTORUN.EXE [MZP | ]

    [2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- F:\AUTORUN.EXE -- [ NTFS ]

    AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

    [2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- F:\AUTORUN.INF -- [ NTFS ]

    AUTORUN.EXE [MZP | ]

    [2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- G:\AUTORUN.EXE -- [ NTFS ]

    AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

    [2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- G:\AUTORUN.INF -- [ NTFS ]

    AUTORUN.EXE [MZP | ]

    [2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- H:\AUTORUN.EXE -- [ NTFS ]

    AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

    [2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- H:\AUTORUN.INF -- [ NTFS ]

    autorun.inf [[AutoRun] | open=LaunchU3.exe -a | icon=LaunchU3.exe,0 | action=Run U3 Launchpad | | [Definitions] | Launchpad=LaunchPad.exe | Vtype=2 | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | | [update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG | | | [Comment] | brand=PelicanBFG | ]

    [2008/05/06 09:26:23 | 00,000,309 | R--- | M] () -- L:\autorun.inf -- [ CDFS ]

    AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

    [2008/08/18 08:36:36 | 00,000,036 | RHS- | M] () -- M:\AUTORUN.INF -- [ FAT32 ]

    ========== MountPoints2 ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ac-d642-11dc-a9f8-000fea820db6}\Shell]

    "" = AutoRun

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ac-d642-11dc-a9f8-000fea820db6}\Shell\AutoRun]

    "" = Auto&Play

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ac-d642-11dc-a9f8-000fea820db6}\Shell\AutoRun\command]

    "" = L:\LaunchU3.exe -- [2007/10/23 04:45:39 | 01,336,632 | R--- | M] ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ad-d642-11dc-a9f8-000fea820db6}\Shell]

    "" = AutoRun

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ad-d642-11dc-a9f8-000fea820db6}\Shell\AutoRun]

    "" = Auto&Play

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41ac006-6b0c-11dd-ab29-000fea820db6}\Shell]

    "" = AutoRun

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41ac006-6b0c-11dd-ab29-000fea820db6}\Shell\AutoRun]

    "" = Auto&Play

  • Topic author
  • ========== Files/Folders - Created Within 30 Days ==========

    [5 C:\WINDOWS\*.tmp files]

    [2008/10/10 18:14:58 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anderson\Desktop\OTListIt.exe

    [2008/10/09 13:25:31 | 18,426,4704 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_189_[b40DE81C].avi

    [2008/10/07 21:28:59 | 00,044,744 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.srt

    [2008/10/07 18:19:45 | 36,674,5600 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.avi

    [2008/10/05 19:02:08 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17601.exe

    [2008/10/05 18:59:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt

    [2008/10/05 18:59:13 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe

    [2008/10/05 18:59:13 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2008/10/05 18:59:13 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2008/10/05 18:59:13 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2008/10/05 18:59:13 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

    [2008/10/05 18:59:13 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2008/10/05 18:59:13 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2008/10/05 18:59:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

    [2008/10/05 18:59:13 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    [2008/10/05 18:59:09 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17020.exe

    [2008/10/05 15:55:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anderson\Application Data\Nokia Multimedia Player

    [2008/10/04 18:31:05 | 28,858,5846 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_078-079_Sub_Portuguese_Brazilian_[6C7144CF].avi

    [2008/10/03 00:18:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

    [2008/10/01 19:16:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anderson\Application Data\Thinstall

    [2008/09/28 17:35:06 | 00,011,101 | ---- | C] () -- C:\Documents and Settings\Anderson\Application Data\NMM-MetaData.db

    [2008/09/26 16:33:30 | 28,852,1284 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_076-077_[933CA825].avi

    [2008/09/25 15:36:09 | 00,055,501 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\vrlvd12a.zip

    [2008/09/24 19:28:28 | 00,000,429 | ---- | C] () -- C:\WINDOWS\VideoToAudioConverter.ini

    [2008/09/24 19:27:50 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySVid.dat

    [2008/09/24 19:27:46 | 00,001,025 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Video to Audio Converter.lnk

    [2008/09/24 19:27:46 | 00,000,000 | ---D | C] -- C:\Program Files\SuperAudiotool

    [2008/09/24 19:27:32 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys

    [2008/09/24 19:20:10 | 00,000,000 | ---D | C] -- C:\TEMP

    [2008/09/24 19:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVI MPEG WMV RM to MP3 Converter

    [2008/09/24 19:11:55 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk

    [2008/09/24 19:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey

    [2008/09/24 16:50:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anderson\My Documents\Fiddler

    [2008/09/24 16:50:06 | 00,000,000 | ---D | C] -- C:\Program Files\Fiddler

    [2008/09/23 19:31:39 | 00,000,339 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.lnk

    [2008/09/22 18:33:30 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    [2008/09/22 18:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

    [2008/09/22 18:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

    [2008/09/22 18:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

    [2008/09/22 18:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    [2008/09/22 18:31:10 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

    [2008/09/22 18:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour

    [2008/09/18 13:26:56 | 18,413,9776 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_188_[8C30895D].avi

    [2008/09/12 13:13:01 | 17,839,6474 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_075_Sub_Portuguese_Brazilian_[1564AA3A].avi

    [2008/09/11 15:18:59 | 18,430,7712 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_187_[37E6F40E].avi

    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]

    [5 C:\WINDOWS\*.tmp files]

    [2008/10/10 18:17:35 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini

    [2008/10/10 18:14:59 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anderson\Desktop\OTListIt.exe

    [2008/10/10 17:39:21 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    [2008/10/10 17:34:29 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2008/10/10 14:20:40 | 00,008,251 | ---- | M] () -- C:\WINDOWS\WDIC.INI

    [2008/10/10 06:00:19 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\FTP.Cetip.job

    [2008/10/09 19:20:57 | 00,000,632 | ---- | M] () -- C:\WINDOWS\ODBC.INI

    [2008/10/09 13:50:17 | 18,426,4704 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_189_[b40DE81C].avi

    [2008/10/09 12:15:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    [2008/10/07 22:34:47 | 36,674,5600 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.avi

    [2008/10/07 04:54:23 | 00,044,744 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.srt

    [2008/10/05 20:48:26 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Anderson\My Documents\My Sharing Folders.lnk

    [2008/10/05 19:40:02 | 00,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

    [2008/10/05 19:40:01 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2008/10/05 19:39:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    [2008/10/05 19:39:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2008/10/05 19:02:05 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17601.exe

    [2008/10/05 18:59:06 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17020.exe

    [2008/10/04 19:26:42 | 28,858,5846 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_078-079_Sub_Portuguese_Brazilian_[6C7144CF].avi

    [2008/10/01 18:43:00 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\SySVid.dat

    [2008/10/01 18:42:43 | 00,000,429 | ---- | M] () -- C:\WINDOWS\VideoToAudioConverter.ini

    [2008/09/28 17:40:08 | 00,011,101 | ---- | M] () -- C:\Documents and Settings\Anderson\Application Data\NMM-MetaData.db

    [2008/09/26 17:24:28 | 28,852,1284 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_076-077_[933CA825].avi

    [2008/09/25 15:36:10 | 00,055,501 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\vrlvd12a.zip

    [2008/09/24 19:27:46 | 00,001,025 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Video to Audio Converter.lnk

    [2008/09/24 19:27:32 | 00,003,082 | ---- | M] () -- C:\WINDOWS\System32\affv11300p4now.sys

    [2008/09/24 19:11:55 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk

    [2008/09/23 19:31:39 | 00,000,339 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.lnk

    [2008/09/18 14:17:37 | 18,413,9776 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_188_[8C30895D].avi

    [2008/09/12 14:18:21 | 17,839,6474 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_075_Sub_Portuguese_Brazilian_[1564AA3A].avi

    [2008/09/11 15:40:40 | 18,430,7712 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_187_[37E6F40E].avi

    < End of report >

  • Topic author
  • OTListIt Extras logfile created on: 10/10/2008 18:17:57 - Run

    OTListIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\Anderson\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 7.0.5730.13)

    Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

    1023.48 Mb Total Physical Memory | 398.50 Mb Available Physical Memory | 38.94% Memory free

    2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.29% Paging File free

    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 116.44 Gb Total Space | 9.43 Gb Free Space | 8.10% Space Free | Partition Type: NTFS

    Drive D: | 116.44 Gb Total Space | 9.75 Gb Free Space | 8.38% Space Free | Partition Type: NTFS

    Drive E: | 116.44 Gb Total Space | 4.58 Gb Free Space | 3.93% Space Free | Partition Type: NTFS

    Drive F: | 116.45 Gb Total Space | 5.39 Gb Free Space | 4.63% Space Free | Partition Type: NTFS

    Drive G: | 73.24 Gb Total Space | 1.02 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

    Drive H: | 38.57 Gb Total Space | 3.15 Gb Free Space | 8.15% Space Free | Partition Type: NTFS

    I: Drive not present or media not loaded

    Drive L: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Drive M: | 1.87 Gb Total Space | 0.24 Gb Free Space | 13.04% Space Free | Partition Type: FAT32

    Computer Name: A64

    Current User Name: Anderson

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Whitelist: On

    File Age = 30 Days

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 1

    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    [2007/11/07 14:34:30 | 03,739,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

    [2007/10/26 15:20:20 | 00,496,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    [2007/05/13 11:57:46 | 05,308,416 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule

    [2004/07/13 18:42:20 | 00,110,592 | ---- | M] () -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui

    [2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    [2008/02/02 17:01:27 | 01,716,224 | ---- | M] (Softpointer Inc) -- C:\Program Files\TagRename\TagRename.exe:*:Enabled:Tag&Rename

    [2004/10/08 09:09:41 | 01,118,208 | ---- | M] () -- C:\Documents and Settings\Anderson\Local Settings\Temp\mbsinst\INSTGUI.EXE:*:Enabled:INSTGUI

    [2000/10/22 15:58:31 | 01,905,860 | ---- | M] () -- C:\MBS\gwrd.exe:*:Enabled:gwrd

    [2000/10/22 15:56:11 | 21,524,096 | ---- | M] () -- C:\MBS\disp+work.exe:*:Enabled:disp+work

    [2000/10/22 16:02:40 | 00,975,740 | ---- | M] () -- C:\MBS\msg_server.exe:*:Enabled:msg_server

    [2004/10/08 09:09:22 | 00,786,496 | ---- | M] (SAP AG, Walldorf) -- C:\Program Files\SAPpc\sapgui\sapgui.exe:*:Enabled:SAPGUI for Win32

    [2008/04/13 21:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program

    File not found -- C:\Program Files\FlashGet\FlashGet.exe:*:Disabled:Flashget

    [2007/11/07 14:34:30 | 03,739,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

    [2007/10/26 15:20:20 | 00,496,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)

    [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

    [2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

    [2008/09/28 21:29:58 | 00,307,712 | ---- | M] (Mozilla Corporation) -- M:\System\Apps\DBE32832-B0BD-4B71-A9A8-D0873565E545\Data\App\firefox\firefox.exe:*:Enabled:Firefox

    File not found -- C:\Documents and Settings\Anderson\Application Data\U3\0BF10B60F1931A08\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader

    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

    "{0FC76B71-2534-4354-B255-3468578E3F47}" = Nokia PC Suite

    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU

    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5

    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU

    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5

    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

    "{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java SE Development Kit 6 Update 7

    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

    "{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes

    "{44CE6902-84EA-11D6-887E-00609721D519}" = Voice Editing

    "{4922C9E7-CD91-496A-A73B-0FDF9D54B44F}" = SAPI5_English

    "{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver

    "{50B631C6-6E91-4D7B-A4E0-81E7FA8D5B3D}" = SAPI5_Common

    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008

    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC

    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime

    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007

    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone

    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2

    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008

    "{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support

    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU

    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU

    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

    "{C52BEBC0-4A0C-42FB-B7EC-FAD0A14DD64E}" = RealSpeak_Solo_Common_for_Panasonic

    "{C97AEFB5-E52F-49C8-AB51-D5F335AF8B7C}" = Panasonic Office Add-in

    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools

    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU

    "{DA12E3FF-60E1-43E0-8E64-C43890A596AE}" = RealSpeak_Solo_English_for_Panasonic

    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine

    "{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3

    "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer

    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2

    "{F1E17FB0-12BC-45D0-ABA3-287F2A1E3A1E}" = Windows Live Messenger

    "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

    "219b3bb94d71729d119ee9ce52d76000" = Receitanet Java 2008.01a

    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

    "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)

    "819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)

    "9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)

    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

    "AP Guitar Tuner 1.02" = AP Guitar Tuner 1.02

    "Babylon" = Babylon

    "BitTornado" = BitTornado 0.3.7

    "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)

    "CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)

    "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)

    "eMule" = eMule

    "Fiddler" = Fiddler (remove only)

    "getPlus®_ocx" = getPlus®_ocx

    "GetRight_is1" = GetRight

    "HijackThis" = HijackThis 1.99.1

    "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)

    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

    "ie7" = Windows Internet Explorer 7

    "IRPF2008 - Declaração de Ajuste Anual" = IRPF2008 - Declaração de Ajuste Anual

    "LastFM_is1" = Last.fm 1.5.1.30182

    "MediaMonkey_is1" = MediaMonkey 2.4

    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5

    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008

    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005

    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU

    "Mozilla Firefox (2.0.0.17)" = Mozilla Firefox (2.0.0.17)

    "Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)

    "Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "Nero - Burning Rom!UninstallKey" = Nero OEM

    "NetPerSec" = NetPerSec

    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

    "Nokia PC Suite" = Nokia PC Suite

    "NVIDIA Drivers" = NVIDIA Drivers

    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)

    "ratDVD" = ratDVD 0.78.1444

    "RealAlt_is1" = Real Alternative 1.52

    "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

    "SAPMini" = SAP Mini Technology System

    "SLAMRNTV" = LM-I56N

    "SubtitleWorkshop" = Subtitle Workshop 2.51

    "Tag&Rename_is1" = Tag&Rename 3.1.7

    "Video to Audio Converter_is1" = Video to Audio Converter 1.12

    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component

    "VLC media player" = VideoLAN VLC media player 0.8.6f

    "VobSub" = VobSub v2.23 (Remove Only)

    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

    "WDIC" = Dic Michaelis - UOL

    "WIC" = Windows Imaging Component

    "Winamp" = Winamp (remove only)

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Windows Media Player 11

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WinRAR archiver" = WinRAR archiver

    "WinZip" = WinZip

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 31/08/2008 17:59:41 | Computer Name = A64 | Source = Application Hang | ID = 1002

    Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,

    version 0.0.0.0, hang address 0x00000000.

    Error - 28/09/2008 10:03:21 | Computer Name = A64 | Source = Windows Live Messenger BETA | ID = 1000

    Description =

    Error - 05/10/2008 08:23:24 | Computer Name = A64 | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 06/10/2008 15:48:21 | Computer Name = A64 | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ NetLimiter Events ]

    Error - 31/12/2004 23:02:10 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 31/12/2004 23:43:06 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 31/12/2004 22:02:42 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 31/12/2004 22:01:53 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 01/01/2005 04:24:43 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 01/01/2005 06:28:51 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 29/03/2008 10:34:45 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 31/12/2004 23:05:43 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 29/03/2008 17:38:07 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    Error - 30/03/2008 12:01:20 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

    Description =

    [ System Events ]

    Error - 05/10/2008 15:43:55 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

    Description = The GbpSv Registry key denied access to SYSTEM account programs so

    the Service Control Manager took ownership of the Registry key.

    Error - 05/10/2008 15:44:06 | Computer Name = A64 | Source = System Error | ID = 1003

    Description = Error code 000000fe, parameter1 00000002, parameter2 8606a510, parameter3

    85fea138, parameter4 8607fc00.

    Error - 05/10/2008 18:00:47 | Computer Name = A64 | Source = Service Control Manager | ID = 7000

    Description = The IC Recorder Driver service failed to start due to the following

    error: %%1058

    Error - 05/10/2008 18:00:47 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

    Description = The GbpSv Registry key denied access to SYSTEM account programs so

    the Service Control Manager took ownership of the Registry key.

    Error - 05/10/2008 18:00:58 | Computer Name = A64 | Source = System Error | ID = 1003

    Description = Error code 00000093, parameter1 00000714, parameter2 00000000, parameter3

    00000000, parameter4 00000000.

    Error - 05/10/2008 18:03:27 | Computer Name = A64 | Source = Service Control Manager | ID = 7000

    Description = The IC Recorder Driver service failed to start due to the following

    error: %%1058

    Error - 05/10/2008 18:03:27 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

    Description = The GbpSv Registry key denied access to SYSTEM account programs so

    the Service Control Manager took ownership of the Registry key.

    Error - 05/10/2008 18:03:36 | Computer Name = A64 | Source = System Error | ID = 1003

    Description = Error code 00000093, parameter1 00000708, parameter2 00000000, parameter3

    00000000, parameter4 00000000.

    Error - 05/10/2008 18:39:57 | Computer Name = A64 | Source = Service Control Manager | ID = 7000

    Description = The IC Recorder Driver service failed to start due to the following

    error: %%1058

    Error - 05/10/2008 18:39:57 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

    Description = The GbpSv Registry key denied access to SYSTEM account programs so

    the Service Control Manager took ownership of the Registry key.

    < End of report >


    Dear Kuevas

    Once again, I apologize for the delay... things have been hectic :)

    Follow the instructions at the link below to install and run Combofix:

    http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

    • It is important that you install the Recovery Console as well.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
    • Paste the contents of that file, and also create a new HijackThis log to include in your reply.

    Warning: Do not use the mouse or the keyboard while the tool is running; doing so can cause the PC to stall.

    Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer. The tool should only be used under the supervision of malware removal helpers.

    Cheers :D


    In accordance with this forum's rules, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If needed, the topic's author may contact the moderation team to request that this topic be reopened.
