andre.missio

HijackThis log


I have a problem with my computer...

svchost.exe is making the computer slow. I saw in similar topics what I should do, downloaded a program called HijackThis and did what it asked; now I would like to know what to do with the report that came up. Thank you very much...

Logfile of HijackThis v1.99.1

Scan saved at 15:20:46, on 8/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

D:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\SnMgrSvc.exe

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\WINDOWS\Explorer.exe

D:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\WINDOWS\system32\sistray.exe

D:\Arquivos de Programas\Styler\Styler.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

D:\Arquivos de Programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Andre\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Documents and Settings\Andre\Desktop\FlashGet\jccatch.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programas\FDM\Free Download Manager\iefdm2.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Documents and Settings\Andre\Desktop\FlashGet\getflash.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe

O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogonStudio] "D:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - Startup: Styler.lnk = ?

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download All with FlashGet - D:\Documents and Settings\Andre\Desktop\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - D:\Documents and Settings\Andre\Desktop\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Documents and Settings\Andre\Desktop\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Documents and Settings\Andre\Desktop\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205522576780

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1207953619_8419898d66f415f6f9743c74718c3119&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{84634432-FA2A-4115-B0EC-CA826A13CA5A}: NameServer = 201.16.24.2,201.16.24.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WBSrv - C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: NMSAccessU - Unknown owner - D:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe


Hello,

Temporarily disable your antivirus!

Run an online scan with Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX control, click Clipboard015.jpg
  • Wait for the installation and the update, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and paste its contents into your next message.
  • Also generate and paste a new HijackThis log.

Regards


Thank you very much, I'm doing the procedures, it's downloading the things from the site; right after I do what you told me I'll post the results here...

Thank you very much indeed...


Well, I did all the listed procedures. After running the antivirus nothing showed up: No malware has been detected... In settings, where the only save option was, I couldn't save any log in this program.

Generating the HijackThis log produced what I post below:

Logfile of HijackThis v1.99.1

Scan saved at 01:13:24, on 12/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\SnAgOS.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

D:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\SnMgrSvc.exe

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\VMSnap23.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\WINDOWS\system32\sistray.exe

D:\Arquivos de Programas\Styler\Styler.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\Arquivos de Programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Andre\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Documents and Settings\Andre\Desktop\FlashGet\jccatch.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programas\FDM\Free Download Manager\iefdm2.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Documents and Settings\Andre\Desktop\FlashGet\getflash.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe

O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogonStudio] "D:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - Startup: Styler.lnk = ?

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download All with FlashGet - D:\Documents and Settings\Andre\Desktop\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - D:\Documents and Settings\Andre\Desktop\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Documents and Settings\Andre\Desktop\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Documents and Settings\Andre\Desktop\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205522576780

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1207953619_8419898d66f415f6f9743c74718c3119&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{84634432-FA2A-4115-B0EC-CA826A13CA5A}: NameServer = 201.16.24.2,201.16.24.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WBSrv - C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: NMSAccessU - Unknown owner - D:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

Well, thank you very much, I await further instructions...

Regards
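
A way to compare the two HijackThis logs posted above, added here as an example (it is not part of the original thread and not the forum's own tooling): the Python below parses the `Running processes` list and the `R`/`O` item lines, then reports what differs between an earlier and a later log. The two sample logs are constructed excerpts of lines taken from the posts above, and all function names are hypothetical.

```python
import re

# Item lines: section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the item.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Lines under "Running processes:" are bare Windows paths.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\).+")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.+)$")


def parse_log(text):
    """Return (processes, items) parsed from the text of a HijackThis log."""
    processes, items = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ITEM_RE.match(line):
            in_processes = False  # the process list ends at the first item
            items.append(line)
        elif in_processes and PATH_RE.match(line):
            processes.append(line)
    return processes, items


def _only_in(a, b):
    """Lines of a that are absent from b, compared case-insensitively."""
    seen = {s.casefold() for s in b}
    out = []
    for s in a:
        if s.casefold() not in seen:
            seen.add(s.casefold())  # report a repeated line only once
            out.append(s)
    return out


def diff_logs(old_text, new_text):
    """Describe what changed between an earlier and a later log."""
    old_p, old_i = parse_log(old_text)
    new_p, new_i = parse_log(new_text)
    return {
        "processes_added": _only_in(new_p, old_p),
        "processes_removed": _only_in(old_p, new_p),
        "items_added": _only_in(new_i, old_i),
        "items_removed": _only_in(old_i, new_i),
    }


def run_entries(items):
    """Split O4 registry autorun items into (key, value name, command)."""
    out = []
    for line in items:
        code, rest = ITEM_RE.match(line).groups()
        m = RUN_RE.match(rest) if code == "O4" else None
        if m:
            out.append(m.groups())
    return out


# Constructed excerpt of the log saved on 8/8/2008 (lines from the first post).
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
D:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
"""

# Constructed excerpt of the log saved on 12/8/2008 (lines from the later post).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
"""

if __name__ == "__main__":
    changes = diff_logs(OLD_LOG, NEW_LOG)
    for kind, lines in changes.items():
        for line in lines:
            print(f"{kind}: {line}")
    for key, name, command in run_entries(changes["items_added"]):
        print(f"new autorun in {key}: {name} -> {command}")
```

Short (8.3) and long forms of the same path compare as different strings, so diffing a HijackThis v1.99.1 log against the DSS clone log would report changes that are only differences in spelling.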


Hello, the log and the scan do not detect malware.

Download Deckard's System Scanner (DSS) and save it to your Desktop.

alternative download link

DSS will do the following:

  • Create a new restore point in Windows XP and Vista.
  • Clean the Temporary Files, Downloaded Program Files, Internet Cache Files, and the Recycle Bin on all drives.
  • Check some of the important areas of your system and produce a report for the helper to analyze.
  • Automatically run HijackThis. If it is not present, it will be downloaded and installed automatically.
  • Attention: To run the tool you must use an account with administrator privileges.
  • Close all windows and applications.
  • Double-click dss.exe to run the tool.
  • If your antivirus or firewall flags something, ignore it. The tool is safe.
  • When the scan finishes, two files will open in Notepad:
  1. main.txt <- this one will be maximized
  2. extra.txt <- this one will be minimized

  • Both of these files can be found in the folder: C:\Deckard\System Scanner.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your next reply.

Note:

-- When DSS is run, some firewalls may warn that the program is accessing the Internet, especially if the program has to automatically install the latest version of HijackThis. If that happens, allow the access.

-- If your antivirus shows a warning while DSS is running, allow the tool to proceed and finish the scan, as the tool is completely safe and harmless.


main

Deckard's System Scanner v20071014.68

Run by Andre on 2008-08-12 16:52:59

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

26: 2008-08-12 19:53:12 UTC - RP177 - Deckard's System Scanner Restore Point

25: 2008-08-11 20:15:45 UTC - RP176 - Instalação de driver não assinada

24: 2008-08-09 16:04:09 UTC - RP175 - Ponto de verificação do sistema

23: 2008-08-08 02:57:41 UTC - RP174 - Software Distribution Service 3.0

22: 2008-08-07 22:46:25 UTC - RP173 - Removed Norton Security Scan

-- First Restore Point --

1: 2008-07-04 20:42:03 UTC - RP152 - Ponto de verificação do sistema

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Andre.exe) -----------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-08-12 16:56:43

Platform: Windows XP Service Pack 3 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

D:\Arquivos de Programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de Programas\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

D:\Arquivos de Programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\SnMgrSvc.exe

D:\Arquivos de Programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SnAgOS.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\VMSnap23.exe

D:\Arquivos de Programas\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Domino.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\WINDOWS\system32\sistray.exe

D:\Arquivos de Programas\Styler\Styler.exe

D:\Arquivos de Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\Documents and Settings\Andre\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Documents and Settings\Andre\Desktop\FlashGet\jccatch.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de Programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programas\FDM\Free Download Manager\iefdm2.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Documents and Settings\Andre\Desktop\FlashGet\getflash.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de Programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe

O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogonStudio] "D:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download All with FlashGet - D:\Documents and Settings\Andre\Desktop\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - D:\Documents and Settings\Andre\Desktop\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Documents and Settings\Andre\Desktop\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Documents and Settings\Andre\Desktop\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205522576780

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1207953619_8419898d66f415f6f9743c74718c3119&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{84634432-FA2A-4115-B0EC-CA826A13CA5A}: NameServer = 201.16.24.2,201.16.24.3

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Arquivos de Programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\Arquivos de Programas\AVG\AVG8\avgwdsvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: NMSAccessU - Unknown owner - D:\Arquivos de Programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\system32\slserv.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--

End of file - 10033 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,49

.chm - chm.file - DefaultIcon - D:\Skins\Alpha\Alpha.icl,52

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

.hlp - hlpfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,56

.inf - inffile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,58

.ini - inifile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,59

.js - JSFile - DefaultIcon - C:\Documents and Settings\Andre\Desktop\Arileen.icl,65

.reg - regfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,69

.scr - AutoCADScriptFile - shell\open\command - "C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE" "%1"

.txt - txtfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,72

.vbs - VBSFile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,73

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

R1 SNSID - c:\windows\system32\drivers\snsid.sys <Not Verified; Open Communications Security; Precise>

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

R3 vmfilter323 (323 filter service, Normal) - c:\windows\system32\drivers\vmfilter323.sys <Not Verified; Vimicro Corporation; Filter for VC323 MRD>

R3 ZSMC326 (TD74 USB2.0 PC Camera(VC0323)) - c:\windows\system32\drivers\usbvm323.sys <Not Verified; Vimicro Corporation; VM321>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador USB (Universal Serial Bus)

Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_810E1043&REV_00\3&267A616A&0&1B

Manufacturer:

Name: Controlador USB (Universal Serial Bus)

PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_810E1043&REV_00\3&267A616A&0&1B

Service:

-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-09 12:40:04 0 d------c- C:\Arquivos de programas\Unity

2008-08-04 19:10:20 0 d------c- C:\Arquivos de programas\Arquivos comuns\Sonic Shared

2008-08-04 19:04:43 0 d------c- C:\WINDOWS\system32\URTTEMP

2008-08-04 19:02:22 0 d------c- C:\Arquivos de programas\Arquivos comuns\HP

2008-08-04 18:59:37 0 d------c- C:\Arquivos de programas\Hewlett-Packard

2008-08-04 18:54:52 0 d------c- C:\Arquivos de programas\HP

2008-08-04 18:51:41 0 -------c- C:\WINDOWS\hpimdl04.dat

2008-08-04 18:51:41 100805 --a----c- C:\WINDOWS\hpiins04.dat

2008-08-03 18:25:17 0 d------c- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-07-25 05:34:54 81920 --a----c- C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>

2008-07-25 05:34:52 196608 --a----c- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>

2008-07-25 05:34:42 823296 --a----c- C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2008-07-25 05:34:40 802816 --a----c- C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2008-07-25 05:34:40 823296 --a----c- C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2008-07-25 05:34:40 815104 --a----c- C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>

2008-07-25 05:34:36 683520 --a----c- C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2008-07-23 13:50:52 3596288 --a----c- C:\WINDOWS\system32\qt-dx331.dll

2008-07-23 13:46:38 12288 --a----c- C:\WINDOWS\system32\DivXWMPExtType.dll

-- Find3M Report ---------------------------------------------------------------

2008-08-08 22:30:28 0 d------c- C:\Documents and Settings\Andre\Dados de aplicativos\Skype

2008-08-08 20:27:58 0 d------c- C:\Documents and Settings\Andre\Dados de aplicativos\skypePM

2008-08-07 19:44:17 0 d------c- C:\Arquivos de programas\Windows Media Connect 2

2008-08-05 21:47:27 436668 --a----c- C:\WINDOWS\system32\perfh016.dat

2008-08-05 21:47:27 72098 --a----c- C:\WINDOWS\system32\perfc016.dat

2008-08-05 17:15:58 0 d------c- C:\Documents and Settings\Andre\Dados de aplicativos\eMule

2008-08-05 16:36:25 0 d--h---c- C:\Arquivos de programas\InstallShield Installation Information

2008-08-04 19:10:20 0 d------c- C:\Arquivos de programas\Arquivos comuns

2008-08-02 19:26:55 0 d------c- C:\Arquivos de programas\Windows Live Safety Center

2008-07-05 22:04:25 0 d------c- C:\Arquivos de programas\Virtual Earth 3D

2008-06-30 18:21:15 1403904 --a----c- C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Sistema operacional Microsoft® Windows®>

2008-06-30 18:15:22 0 d------c- C:\Arquivos de programas\Arquivos comuns\Stardock

2008-06-29 00:04:33 0 d------c- C:\Documents and Settings\Andre\Dados de aplicativos\Vso

2008-06-29 00:04:33 34 --a----c- C:\Documents and Settings\Andre\Dados de aplicativos\pcouffin.log

2008-06-29 00:04:18 47360 --a----c- C:\Documents and Settings\Andre\Dados de aplicativos\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

2008-06-29 00:04:18 1144 --a----c- C:\Documents and Settings\Andre\Dados de aplicativos\pcouffin.inf

2008-06-29 00:04:18 7887 --a----c- C:\Documents and Settings\Andre\Dados de aplicativos\pcouffin.cat

2008-06-24 23:17:17 0 d------c- C:\Documents and Settings\Andre\Dados de aplicativos\uTorrent

2008-06-23 20:33:28 0 d------c- C:\Documents and Settings\Andre\Dados de aplicativos\Mozilla

2008-06-23 19:08:18 0 d------c- C:\Arquivos de programas\RocketDock

2008-06-23 17:49:00 0 dr-----c- C:\Arquivos de programas\Skype

2008-06-23 17:49:00 0 d------c- C:\Arquivos de programas\Arquivos comuns\Skype

2008-06-09 18:03:12 2560 --a----c- C:\WINDOWS\_MSRSTRT.EXE

2008-06-05 20:23:05 56 --ah---c- C:\WINDOWS\system32\ezsidmv.dat

2008-05-31 17:17:39 0 --a----c- C:\WINDOWS\nsreg.dat

2008-05-21 14:33:18 72774 --a----c- C:\WINDOWS\unins000.exe <Not Verified; Jordan Russell; >

2008-05-21 14:33:18 1092 --a----c- C:\WINDOWS\unins000.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 07:15]

"SiSPower"="SiSPower.dll" [04/01/2005 05:54 C:\WINDOWS\system32\SiSPower.dll]

"BigDogPath323VMSnap"="C:\WINDOWS\VMSnap23.exe" [19/09/2006 14:26]

"AVG8_TRAY"="D:\ARQUIV~1\AVG\AVG8\avgtray.exe" [03/07/2008 16:20]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24/07/2006 23:33]

"nwiz"="nwiz.exe" [24/07/2006 23:33 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [24/07/2006 23:33]

"LogonStudio"="D:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" [03/09/2002 18:38]

"BigDogPath323Domino"="C:\WINDOWS\Domino.exe" [28/06/2006 02:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [13/04/2008 23:20]

"RocketDock"="C:\Arquivos de programas\RocketDock\RocketDock.exe" [02/09/2007 13:58]

C:\Documents and Settings\Andre\Menu Iniciar\Programas\Inicializar\

Styler.lnk - C:\Documents and Settings\Andre\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [23/6/2008 18:19:00]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [14/3/2008 17:50:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 09/06/2008 18:14 210168 C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Photosmart Premier.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Photosmart Premier.lnk

backup=C:\WINDOWS\pss\Inicialização rápida do HP Photosmart Premier.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^MicroWeather.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\MicroWeather.lnk

backup=C:\WINDOWS\pss\MicroWeather.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andre^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Andre\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]

C:\WINDOWS\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

D:\Arquivos de Programas\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

D:\Documents and Settings\Andre\Desktop\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

"D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

"D:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

C:\Arquivos de programas\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Internet Booster]

D:\Arquivos de programas\Turbo Internet Booster\TurboInternetBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]

C:\Arquivos de programas\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]

C:\Arquivos de programas\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]

C:\Arquivos de programas\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TermService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

eapsvcs eaphost

dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

napagent

hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b12b9e0-ff2a-11dc-ba6b-0011d8b5ca88}]

auto\command- Knight.exe open

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open

explore\command- Knight.exe open

find\command- Knight.exe open

install\command- Knight.exe open

open\command- Knight.exe open

-- End of Deckard's System Scanner: finished at 2008-08-12 16:58:18 ------------


extra

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0

Architecture: X86; Language: Portuguese

CPU 0: Intel® Pentium® 4 CPU 2.40GHz

Percentage of Memory in Use: 36%

Physical Memory (total/avail): 1023.3 MiB / 648.39 MiB

Pagefile Memory (total/avail): 1644.98 MiB / 1336.33 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1906.72 MiB

A: is Removable (No Media)

C: is Fixed (NTFS) - 14.65 GiB total, 7.71 GiB free.

D: is Fixed (NTFS) - 59.9 GiB total, 40.42 GiB free.

E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP0802N - 74.56 GiB - 2 partitions

\PARTITION0 (bootable) - Sistema de arquivos instalável - 14.65 GiB - C:

\PARTITION1 - Estendido c/Int. estendida 13 - 59.9 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Andre\Dados de aplicativos

CLIENTNAME=Console

CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns

COMPUTERNAME=TABAJARA-U1ND3B

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Andre

LOGONSERVER=\\TABAJARA-U1ND3B

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Arquivos de programas

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Andre\CONFIG~1\Temp

TMP=C:\DOCUME~1\Andre\CONFIG~1\Temp

USERDOMAIN=TABAJARA-U1ND3B

USERNAME=Andre

USERPROFILE=C:\Documents and Settings\Andre

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Andre (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> D:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

--> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.57 --> "D:\Arquivos de programas\7-Zip\Uninstall.exe"

Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Anark Client 1.0 --> C:\Arquivos de programas\Anark\Client\AMInstal.exe -uninstall

Arquivo do WinRAR --> D:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

µTorrent --> "C:\Arquivos de programas\uTorrent\uTorrent.exe" /UNINSTALL

Atualização de Segurança para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}

Autodesk Express Viewer --> C:\ARQUIV~1\Autodesk\AUTODE~1\Setup.exe /remove

AVG Free 8.0 --> D:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL

Bee Icons v 4.0.3 (GAOTD Edition) --> "D:\Arquivos de programas\Bee Icons\unins000.exe"

Canon iP1800 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0016

Canon Utilities Easy-PrintToolBox --> C:\Arquivos de programas\Canon\Easy-PrintToolBox\uninst.exe uninst.ini

CDBurnerXP --> "D:\Arquivos de programas\CDBurnerXP\unins000.exe"

DivX Codec --> D:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter --> D:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player --> D:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> D:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0 --> "D:\Arquivos de programas\DVDFab 5\unins000.exe"

eMule --> "D:\Arquivos de programas\eMule\Uninstall.exe"

FlashGet 1.9.6.1073 --> D:\Documents and Settings\Andre\Desktop\FlashGet\uninst.exe

HijackThis 1.99.1 --> C:\Documents and Settings\Andre\Desktop\HijackThis\HijackThis.exe /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Câmeras Photosmart 7.0 --> D:\Arquivos de programas\HP\Digital Imaging\{43391E8E-4582-4b85-99F0-3CB682293728}\setup\hpzscr01.exe -datfile hpiscr04.dat

HP Imaging Device Functions 7.0 --> D:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Premier Software 6.5 --> D:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0 --> D:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

LogonStudio --> D:\ARQUIV~1\WINCUS~1\LOGONS~1\UNWISE.EXE D:\ARQUIV~1\WINCUS~1\LOGONS~1\INSTALL.LOG

Megacubo 4.0.5 --> "D:\Arquivos de programas\Megacubo\unins000.exe"

Messenger Plus! Live --> "C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Office XP Professional com FrontPage --> MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MicroWeather v1.02 --> "D:\Arquivos de programas\MicroWeather\unins000.exe"

Mozilla Firefox (2.0.0.15) --> C:\ARQUIV~1\Mozilla Firefox\uninstall\helper.exe

Mozilla Firefox (3.0.1) --> D:\Arquivos de Programas\Mozilla Firefox\uninstall\helper.exe

MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

Need for Speed™ Carbon --> D:\Arquivos de programas\Electronic Arts\Need for Speed Carbon\EAUninstall.exe

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

NVIDIA Screen Saver 1.2 --> C:\WINDOWS\unins000.exe

OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

PC Wizard 2007.1.72 --> "D:\Arquivos de Programas\PC Wizard 2007\unins000.exe"

Portinho 3.0a --> "D:\Arquivos de programas\Portinho\unins000.exe"

Real Alternative 1.52 --> "C:\Arquivos de programas\Real Alternative\unins000.exe"

Realtek AC'97 Audio --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

RocketDock 1.3.5 --> "C:\Arquivos de programas\RocketDock\unins000.exe"

SafeCast Shared Components --> C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall

Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem4.inf

SiSRaidPackage --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\SETUP.EXE" -l0x416

Skype™ Beta 4.0 --> MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

Styler --> MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}

TD74 USB2.0 PC Camera --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{36820BCA-FC55-452E-9085-6E6F1F55508D}\Setup.exe" -l0x9

Turbo Internet Booster 2.1.0.0 --> "D:\Arquivos de programas\Turbo Internet Booster\unins000.exe"

Unity Web Player --> C:\Arquivos de programas\Unity\WebPlayer\Uninstall.exe

Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}

Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}

WindowBlinds --> C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG

Windows Live installer --> MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger --> MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Live OneCare safety scanner --> RunDll32.exe "C:\Arquivos de programas\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type4839 / Warning

Event Submitted/Written: 08/12/2008 01:16:31 AM

Event ID/Source: 1524 / Userenv

Event Description:

O Windows não pode descarregar o seu arquivo de Registro de classes - ele ainda está sendo usado por outros aplicativos ou serviços. O arquivo será descarregado quando não estiver mais em uso.

Event Record #/Type4834 / Error

Event Submitted/Written: 08/11/2008 10:16:41 PM

Event ID/Source: 11401 / MsiInstaller

Event Description:

Produto: Windows Live Messenger -- Erro 1401. Não foi possível criar a chave: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress. Erro do sistema 1019. Verifique se você tem acesso suficiente a essa chave ou entre em contato com a equipe de suporte.

Event Record #/Type4829 / Error

Event Submitted/Written: 08/11/2008 09:35:14 PM

Event ID/Source: 11401 / MsiInstaller

Event Description:

Produto: Windows Live Messenger -- Erro 1401. Não foi possível criar a chave: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress. Erro do sistema 1019. Verifique se você tem acesso suficiente a essa chave ou entre em contato com a equipe de suporte.

Event Record #/Type4821 / Success

Event Submitted/Written: 08/11/2008 05:41:42 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4798 / Error

Event Submitted/Written: 08/09/2008 00:48:05 PM

Event ID/Source: 1000 / Application Error

Event Description:

Aplicativo com falha firefox.exe, versão 1.9.0.3105, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x0ff1653e.

Processando evento específico de mídia para [firefox.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type10234 / Error

Event Submitted/Written: 08/12/2008 04:57:11 PM

Event ID/Source: 7016 / Service Control Manager

Event Description:

O serviço SmartLinkService relatou um estado atual 0 inválido.

Event Record #/Type10079 / Warning

Event Submitted/Written: 08/08/2008 05:39:21 PM

Event ID/Source: 1073 / USER32

Event Description:

Falha na tentativa de Reinicializar TABAJARA-U1ND3B

Event Record #/Type9966 / Warning

Event Submitted/Written: 08/06/2008 05:50:30 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP alcançou o limite de segurança imposto sobre o número de tentativas de conexão TCP simultâneas.

Event Record #/Type9965 / Warning

Event Submitted/Written: 08/06/2008 05:06:18 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP alcançou o limite de segurança imposto sobre o número de tentativas de conexão TCP simultâneas.

Event Record #/Type9910 / Warning

Event Submitted/Written: 08/05/2008 07:02:47 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP alcançou o limite de segurança imposto sobre o número de tentativas de conexão TCP simultâneas.

-- End of Deckard's System Scanner: finished at 2008-08-12 16:58:18 ------------


All the indicated procedures were carried out and posted...

Thank you very much...

Regards


Hello,

  • Click Start and then Run.
  • In the box, copy and paste the following:
    "%userprofile%\desktop\dss.exe" /daft
  • Click OK.
  • Click OK again.
  • Click Scan.
  • Check the following entries (if present).
    .bat - batfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,49
    .chm - chm.file - DefaultIcon - D:\Skins\Alpha\Alpha.icl,52
    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
    .hlp - hlpfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,56
    .inf - inffile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,58
    .ini - inifile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,59
    .js - JSFile - DefaultIcon - C:\Documents and Settings\Andre\Desktop\Arileen.icl,65
    .reg - regfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,69
    .scr - AutoCADScriptFile - shell\open\command - "C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE" "%1"
    .txt - txtfile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,72
    .vbs - VBSFile - DefaultIcon - D:\Skins\Alpha\Alpha.icl,73
  • Click Fix.


Well, all the procedures were done, and yes, all those items to check were there...

I restarted the computer and svchost was still a bit heavy, but it soon dropped back and returned to normal. Has the problem been solved?

Thank you very much... best regards


Good work, your log is clean.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Disable and then re-enable System Restore
  • Use an alternative, more secure browser: Firefox or Opera
  • Use a firewall - It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the status of your programs with regard to updates.
  • Keep your programs properly updated.
    Being up to date is being safe. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <= IE/Spyad adds upwards of 4000 websites and domains to IE's restricted sites list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google toolbar blocks pop-ups.

It was a pleasure to help.


"Topic Resolved"

If you need this topic reopened, contact one of the members of the moderation team (Lusitano or RenatoMejias) and include the link to this topic in your request.

If you have a new problem, please start a new topic.

The above applies only to the author of the topic. All other users must start a new topic.

Thank you!
