Kuevas

HijackThis Log


Good evening, friends!

I installed Avast U3 on my Kingston U3 flash drive, and when I updated its data it gave me this message:

- INFECTED OBJECT: E:\AUTORUN.EXE\[uPX]

- MALWARE TYPE: VIRUS/WORM

- MALWARE NAME: WIN32:ROOTKIT-GEN[RTK]

Could an expert tell me what to do? Would this problem be on the flash drive?

Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 19:49, on 2008-10-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

E:\UTIL\Antivirus Anti-Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.etapa.com.br/wrdb/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://speed.travian.com.br

O15 - Trusted Zone: http://speed-server.travian.com.br

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205789860_349be9ec248706029b3a1d74ecc54b4d&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{891A0DA7-BCDC-487C-A966-91645BD631EE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


Logfile of HijackThis v1.99.1

Scan saved at 19:24, on 08/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Documents and Settings\Anderson\Application Data\U3\0BF10B60F1931A08\LaunchPad.exe

E:\UTIL\Antivirus Anti-Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.etapa.com.br/wrdb/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://speed.travian.com.br

O15 - Trusted Zone: http://speed-server.travian.com.br

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{891A0DA7-BCDC-487C-A966-91645BD631EE}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


Dear Kuevas

Welcome to Malware Removal

I recommend saving this topic to your Favorites so it is easier to find again.

Please note the following:

1) I will be following the analysis of your log and will get back to you as soon as possible!;

2) Do not take any action until we begin;

3) What is passed on here relates only to the problem on your computer, so do not apply it to any other;

4) If you have another computer, open a new topic with its own log;

5) Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;

6) Always post your replies in this topic... Do not open another one!

Note: Do not take any measures other than those given here; if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

Regards :D


Dear Kuevas

Let's get started,

Download OTListIt and save it to your desktop.

  • Double-click the tool's icon on your desktop.
  • Click Run Scan and let the tool run.
  • When the tool finishes the scan, it will generate two text files:
    • OTViewIt.Txt <- will open automatically in Notepad
    • Extras.txt <- will be on the desktop
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the OTViewIt.Txt and Extras.txt files into your next reply.

Regards :D


OTListIt logfile created on: 10/10/2008 18:17:57 - Run

OTListIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\Anderson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 398.50 Mb Available Physical Memory | 38.94% Memory free

2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.29% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 116.44 Gb Total Space | 9.43 Gb Free Space | 8.10% Space Free | Partition Type: NTFS

Drive D: | 116.44 Gb Total Space | 9.75 Gb Free Space | 8.38% Space Free | Partition Type: NTFS

Drive E: | 116.44 Gb Total Space | 4.58 Gb Free Space | 3.93% Space Free | Partition Type: NTFS

Drive F: | 116.45 Gb Total Space | 5.39 Gb Free Space | 4.63% Space Free | Partition Type: NTFS

Drive G: | 73.24 Gb Total Space | 1.02 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Drive H: | 38.57 Gb Total Space | 3.15 Gb Free Space | 8.15% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive L: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive M: | 1.87 Gb Total Space | 0.24 Gb Free Space | 13.04% Space Free | Partition Type: FAT32

Computer Name: A64

Current User Name: Anderson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/09/26 20:28:54 | 00,047,080 | ---- | M] () -- C:\Program Files\GbPlugin\gbpsv.exe

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

[2007/02/10 10:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

[2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

[2006/03/09 14:29:00 | 00,143,436 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2004/08/03 23:56:58 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe

[2007/02/10 10:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

[2007/11/07 14:34:50 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe

[2008/05/28 16:13:28 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe

[2007/05/11 02:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

[2007/05/13 11:57:46 | 05,308,416 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe

[2008/05/04 16:02:26 | 04,603,904 | ---- | M] () -- C:\Documents and Settings\Anderson\Application Data\U3\0BF10B60F1931A08\LaunchPad.exe

[2008/06/17 21:09:32 | 00,143,976 | ---- | M] (PortableApps.com) -- M:\System\Apps\DBE32832-B0BD-4B71-A9A8-D0873565E545\Data\Firefox.exe

[2008/09/28 21:29:58 | 00,307,712 | ---- | M] (Mozilla Corporation) -- M:\System\Apps\DBE32832-B0BD-4B71-A9A8-D0873565E545\Data\App\firefox\firefox.exe

[2008/10/10 18:14:59 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anderson\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

File not found -- -- (GbpSv [unknown | Running])

[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2007/02/10 10:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])

[2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])

[2005/10/14 07:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

[2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])

[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2006/03/09 14:29:00 | 00,143,436 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/04/07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

[2004/08/03 23:56:58 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])

[2007/02/10 10:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])

[2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])

[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])

[2007/11/07 14:34:50 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/11/17 08:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2006/05/10 10:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2001/10/02 07:37:40 | 00,017,432 | ---- | M] (lecs Inc.) -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb [Auto | Stopped])

[2001/08/17 10:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])

[2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

[2004/08/03 21:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])

[2004/08/03 21:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])

[2007/11/29 10:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

[2007/11/29 10:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

[2004/08/03 21:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax [On_Demand | Stopped])

[2006/03/09 14:29:00 | 03,650,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2004/09/02 03:24:38 | 00,082,816 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [boot | Running])

[2004/10/19 17:01:02 | 00,033,280 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])

[2004/10/19 17:01:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

[2004/09/02 03:24:40 | 00,067,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [boot | Running])

[2007/09/17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

[2001/08/23 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2004/12/20 15:37:14 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2004/08/03 21:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent [On_Demand | Stopped])

[2007/11/13 07:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2004/08/03 21:41:44 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr [On_Demand | Running])

[2004/08/03 21:41:46 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Stopped])

[2003/01/16 14:19:32 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])

[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])

[2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])

[2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])

[2006/07/24 16:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2007/11/29 10:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])

[2008/04/13 15:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])

[2007/11/29 10:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

[2004/10/26 20:24:00 | 00,223,104 | R--- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.etapa.com.br/wrdb/index.php

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (863 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)

O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -2817

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe (Eric Lawrence)

O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe (Eric Lawrence)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: speed.travian.com.br (http in Trusted sites)

O15 - HKCU\..Trusted Sites: speed.travian.com.br (https in Trusted sites)

O15 - HKCU\..Trusted Sites: speed-server.travian.com.br (http in Trusted sites)

O15 - HKCU\..Trusted Sites: speed-server.travian.com.br (https in Trusted sites)

O15 - HKCU\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab (GbPluginObj Class)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - saphtmlp - c:\Program Files\Common Files\SAP Shared\System\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Handler: - sapr3 - c:\Program Files\Common Files\SAP Shared\System\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C}C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O22 - SharedTaskScheduler: (scpLIB) - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginAbn: "DllName" = C:\PROGRA~1\GbPlugin\gbiehabn.dll -- C:\Program Files\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

GbPluginBb: "DllName" = C:\PROGRA~1\GBPLUGIN\gbieh.dll -- C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

GbPluginUni: "DllName" = C:\PROGRA~1\GbPlugin\gbiehuni.dll -- C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}" (HKLM) -- C:\Program Files\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

"{E37CB5F0-51F5-4395-A808-5FA49E399008}" (HKLM) -- C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2008/01/26 14:36:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []

[2008/08/18 10:51:38 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ NTFS ]

autorun.inf []

[2008/08/18 10:51:38 00,000,000 | RHSD | M] -- D:\autorun.inf -- [ NTFS ]

AUTORUN.EXE [MZP | ]

[2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- E:\AUTORUN.EXE -- [ NTFS ]

AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

[2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- E:\AUTORUN.INF -- [ NTFS ]

AUTORUN.EXE [MZP | ]

[2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- F:\AUTORUN.EXE -- [ NTFS ]

AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

[2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- F:\AUTORUN.INF -- [ NTFS ]

AUTORUN.EXE [MZP | ]

[2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- G:\AUTORUN.EXE -- [ NTFS ]

AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

[2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- G:\AUTORUN.INF -- [ NTFS ]

AUTORUN.EXE [MZP | ]

[2008/05/05 09:24:20 | 00,034,816 | RHS- | M] (Microsoft Corporation) -- H:\AUTORUN.EXE -- [ NTFS ]

AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

[2008/08/17 23:15:45 | 00,000,036 | RHS- | M] () -- H:\AUTORUN.INF -- [ NTFS ]

autorun.inf [[AutoRun] | open=LaunchU3.exe -a | icon=LaunchU3.exe,0 | action=Run U3 Launchpad | | [Definitions] | Launchpad=LaunchPad.exe | Vtype=2 | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | | [update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG | | | [Comment] | brand=PelicanBFG | ]

[2008/05/06 09:26:23 | 00,000,309 | R--- | M] () -- L:\autorun.inf -- [ CDFS ]

AUTORUN.INF [[AUTORUN] | | Shellexecute=AUTORUN.EXE | ]

[2008/08/18 08:36:36 | 00,000,036 | RHS- | M] () -- M:\AUTORUN.INF -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ac-d642-11dc-a9f8-000fea820db6}\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ac-d642-11dc-a9f8-000fea820db6}\Shell\AutoRun]

"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ac-d642-11dc-a9f8-000fea820db6}\Shell\AutoRun\command]

"" = L:\LaunchU3.exe -- [2007/10/23 04:45:39 | 01,336,632 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ad-d642-11dc-a9f8-000fea820db6}\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{216f64ad-d642-11dc-a9f8-000fea820db6}\Shell\AutoRun]

"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41ac006-6b0c-11dd-ab29-000fea820db6}\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41ac006-6b0c-11dd-ab29-000fea820db6}\Shell\AutoRun]

"" = Auto&Play


========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]

[2008/10/10 18:14:58 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anderson\Desktop\OTListIt.exe

[2008/10/09 13:25:31 | 18,426,4704 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_189_[b40DE81C].avi

[2008/10/07 21:28:59 | 00,044,744 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.srt

[2008/10/07 18:19:45 | 36,674,5600 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.avi

[2008/10/05 19:02:08 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17601.exe

[2008/10/05 18:59:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2008/10/05 18:59:13 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe

[2008/10/05 18:59:13 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2008/10/05 18:59:13 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2008/10/05 18:59:13 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008/10/05 18:59:13 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2008/10/05 18:59:13 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008/10/05 18:59:13 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008/10/05 18:59:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008/10/05 18:59:13 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2008/10/05 18:59:09 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17020.exe

[2008/10/05 15:55:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anderson\Application Data\Nokia Multimedia Player

[2008/10/04 18:31:05 | 28,858,5846 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_078-079_Sub_Portuguese_Brazilian_[6C7144CF].avi

[2008/10/03 00:18:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2008/10/01 19:16:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anderson\Application Data\Thinstall

[2008/09/28 17:35:06 | 00,011,101 | ---- | C] () -- C:\Documents and Settings\Anderson\Application Data\NMM-MetaData.db

[2008/09/26 16:33:30 | 28,852,1284 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_076-077_[933CA825].avi

[2008/09/25 15:36:09 | 00,055,501 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\vrlvd12a.zip

[2008/09/24 19:28:28 | 00,000,429 | ---- | C] () -- C:\WINDOWS\VideoToAudioConverter.ini

[2008/09/24 19:27:50 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySVid.dat

[2008/09/24 19:27:46 | 00,001,025 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Video to Audio Converter.lnk

[2008/09/24 19:27:46 | 00,000,000 | ---D | C] -- C:\Program Files\SuperAudiotool

[2008/09/24 19:27:32 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys

[2008/09/24 19:20:10 | 00,000,000 | ---D | C] -- C:\TEMP

[2008/09/24 19:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVI MPEG WMV RM to MP3 Converter

[2008/09/24 19:11:55 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk

[2008/09/24 19:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey

[2008/09/24 16:50:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anderson\My Documents\Fiddler

[2008/09/24 16:50:06 | 00,000,000 | ---D | C] -- C:\Program Files\Fiddler

[2008/09/23 19:31:39 | 00,000,339 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.lnk

[2008/09/22 18:33:30 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008/09/22 18:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2008/09/22 18:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

[2008/09/22 18:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2008/09/22 18:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008/09/22 18:31:10 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2008/09/22 18:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2008/09/18 13:26:56 | 18,413,9776 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_188_[8C30895D].avi

[2008/09/12 13:13:01 | 17,839,6474 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_075_Sub_Portuguese_Brazilian_[1564AA3A].avi

[2008/09/11 15:18:59 | 18,430,7712 | ---- | C] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_187_[37E6F40E].avi

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2008/10/10 18:17:35 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2008/10/10 18:14:59 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anderson\Desktop\OTListIt.exe

[2008/10/10 17:39:21 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008/10/10 17:34:29 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/10 14:20:40 | 00,008,251 | ---- | M] () -- C:\WINDOWS\WDIC.INI

[2008/10/10 06:00:19 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\FTP.Cetip.job

[2008/10/09 19:20:57 | 00,000,632 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2008/10/09 13:50:17 | 18,426,4704 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_189_[b40DE81C].avi

[2008/10/09 12:15:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008/10/07 22:34:47 | 36,674,5600 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.avi

[2008/10/07 04:54:23 | 00,044,744 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.S03E04.HDTV.XviD-LOL.srt

[2008/10/05 20:48:26 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Anderson\My Documents\My Sharing Folders.lnk

[2008/10/05 19:40:02 | 00,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2008/10/05 19:40:01 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/10/05 19:39:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/10/05 19:39:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/10/05 19:02:05 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17601.exe

[2008/10/05 18:59:06 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17020.exe

[2008/10/04 19:26:42 | 28,858,5846 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_078-079_Sub_Portuguese_Brazilian_[6C7144CF].avi

[2008/10/01 18:43:00 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\SySVid.dat

[2008/10/01 18:42:43 | 00,000,429 | ---- | M] () -- C:\WINDOWS\VideoToAudioConverter.ini

[2008/09/28 17:40:08 | 00,011,101 | ---- | M] () -- C:\Documents and Settings\Anderson\Application Data\NMM-MetaData.db

[2008/09/26 17:24:28 | 28,852,1284 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_076-077_[933CA825].avi

[2008/09/25 15:36:10 | 00,055,501 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\vrlvd12a.zip

[2008/09/24 19:27:46 | 00,001,025 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Video to Audio Converter.lnk

[2008/09/24 19:27:32 | 00,003,082 | ---- | M] () -- C:\WINDOWS\System32\affv11300p4now.sys

[2008/09/24 19:11:55 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk

[2008/09/23 19:31:39 | 00,000,339 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\Heroes.lnk

[2008/09/18 14:17:37 | 18,413,9776 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_188_[8C30895D].avi

[2008/09/12 14:18:21 | 17,839,6474 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB]_Naruto_Shippuuden_075_Sub_Portuguese_Brazilian_[1564AA3A].avi

[2008/09/11 15:40:40 | 18,430,7712 | ---- | M] () -- C:\Documents and Settings\Anderson\Desktop\[DB-BR]_Bleach_187_[37E6F40E].avi

< End of report >


OTListIt Extras logfile created on: 10/10/2008 18:17:57 - Run

OTListIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\Anderson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 398.50 Mb Available Physical Memory | 38.94% Memory free

2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.29% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 116.44 Gb Total Space | 9.43 Gb Free Space | 8.10% Space Free | Partition Type: NTFS

Drive D: | 116.44 Gb Total Space | 9.75 Gb Free Space | 8.38% Space Free | Partition Type: NTFS

Drive E: | 116.44 Gb Total Space | 4.58 Gb Free Space | 3.93% Space Free | Partition Type: NTFS

Drive F: | 116.45 Gb Total Space | 5.39 Gb Free Space | 4.63% Space Free | Partition Type: NTFS

Drive G: | 73.24 Gb Total Space | 1.02 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Drive H: | 38.57 Gb Total Space | 3.15 Gb Free Space | 8.15% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive L: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive M: | 1.87 Gb Total Space | 0.24 Gb Free Space | 13.04% Space Free | Partition Type: FAT32

Computer Name: A64

Current User Name: Anderson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/11/07 14:34:30 | 03,739,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007/10/26 15:20:20 | 00,496,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2007/05/13 11:57:46 | 05,308,416 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule

[2004/07/13 18:42:20 | 00,110,592 | ---- | M] () -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui

[2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008/02/02 17:01:27 | 01,716,224 | ---- | M] (Softpointer Inc) -- C:\Program Files\TagRename\TagRename.exe:*:Enabled:Tag&Rename

[2004/10/08 09:09:41 | 01,118,208 | ---- | M] () -- C:\Documents and Settings\Anderson\Local Settings\Temp\mbsinst\INSTGUI.EXE:*:Enabled:INSTGUI

[2000/10/22 15:58:31 | 01,905,860 | ---- | M] () -- C:\MBS\gwrd.exe:*:Enabled:gwrd

[2000/10/22 15:56:11 | 21,524,096 | ---- | M] () -- C:\MBS\disp+work.exe:*:Enabled:disp+work

[2000/10/22 16:02:40 | 00,975,740 | ---- | M] () -- C:\MBS\msg_server.exe:*:Enabled:msg_server

[2004/10/08 09:09:22 | 00,786,496 | ---- | M] (SAP AG, Walldorf) -- C:\Program Files\SAPpc\sapgui\sapgui.exe:*:Enabled:SAPGUI for Win32

[2008/04/13 21:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program

File not found -- C:\Program Files\FlashGet\FlashGet.exe:*:Disabled:Flashget

[2007/11/07 14:34:30 | 03,739,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007/10/26 15:20:20 | 00,496,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

[2008/09/28 21:29:58 | 00,307,712 | ---- | M] (Mozilla Corporation) -- M:\System\Apps\DBE32832-B0BD-4B71-A9A8-D0873565E545\Data\App\firefox\firefox.exe:*:Enabled:Firefox

File not found -- C:\Documents and Settings\Anderson\Application Data\U3\0BF10B60F1931A08\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader

"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

"{0FC76B71-2534-4354-B255-3468578E3F47}" = Nokia PC Suite

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java SE Development Kit 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes

"{44CE6902-84EA-11D6-887E-00609721D519}" = Voice Editing

"{4922C9E7-CD91-496A-A73B-0FDF9D54B44F}" = SAPI5_English

"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver

"{50B631C6-6E91-4D7B-A4E0-81E7FA8D5B3D}" = SAPI5_Common

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC

"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007

"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone

"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2

"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008

"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support

"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C52BEBC0-4A0C-42FB-B7EC-FAD0A14DD64E}" = RealSpeak_Solo_Common_for_Panasonic

"{C97AEFB5-E52F-49C8-AB51-D5F335AF8B7C}" = Panasonic Office Add-in

"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools

"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU

"{DA12E3FF-60E1-43E0-8E64-C43890A596AE}" = RealSpeak_Solo_English_for_Panasonic

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine

"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3

"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2

"{F1E17FB0-12BC-45D0-ABA3-287F2A1E3A1E}" = Windows Live Messenger

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"219b3bb94d71729d119ee9ce52d76000" = Receitanet Java 2008.01a

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)

"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)

"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"AP Guitar Tuner 1.02" = AP Guitar Tuner 1.02

"Babylon" = Babylon

"BitTornado" = BitTornado 0.3.7

"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)

"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)

"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)

"eMule" = eMule

"Fiddler" = Fiddler (remove only)

"getPlus®_ocx" = getPlus®_ocx

"GetRight_is1" = GetRight

"HijackThis" = HijackThis 1.99.1

"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"IRPF2008 - Declaração de Ajuste Anual" = IRPF2008 - Declaração de Ajuste Anual

"LastFM_is1" = Last.fm 1.5.1.30182

"MediaMonkey_is1" = MediaMonkey 2.4

"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5

"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU

"Mozilla Firefox (2.0.0.17)" = Mozilla Firefox (2.0.0.17)

"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NetPerSec" = NetPerSec

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Drivers" = NVIDIA Drivers

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"ratDVD" = ratDVD 0.78.1444

"RealAlt_is1" = Real Alternative 1.52

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SAPMini" = SAP Mini Technology System

"SLAMRNTV" = LM-I56N

"SubtitleWorkshop" = Subtitle Workshop 2.51

"Tag&Rename_is1" = Tag&Rename 3.1.7

"Video to Audio Converter_is1" = Video to Audio Converter 1.12

"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component

"VLC media player" = VideoLAN VLC media player 0.8.6f

"VobSub" = VobSub v2.23 (Remove Only)

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WDIC" = Dic Michaelis - UOL

"WIC" = Windows Imaging Component

"Winamp" = Winamp (remove only)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WinZip" = WinZip

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 31/08/2008 17:59:41 | Computer Name = A64 | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 28/09/2008 10:03:21 | Computer Name = A64 | Source = Windows Live Messenger BETA | ID = 1000

Description =

Error - 05/10/2008 08:23:24 | Computer Name = A64 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/10/2008 15:48:21 | Computer Name = A64 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ NetLimiter Events ]

Error - 31/12/2004 23:02:10 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 31/12/2004 23:43:06 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 31/12/2004 22:02:42 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 31/12/2004 22:01:53 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 01/01/2005 04:24:43 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 01/01/2005 06:28:51 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 29/03/2008 10:34:45 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 31/12/2004 23:05:43 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 29/03/2008 17:38:07 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

Error - 30/03/2008 12:01:20 | Computer Name = A64 | Source = NetLimiter 2 | ID = 1000

Description =

[ System Events ]

Error - 05/10/2008 15:43:55 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

Description = The GbpSv Registry key denied access to SYSTEM account programs so

the Service Control Manager took ownership of the Registry key.

Error - 05/10/2008 15:44:06 | Computer Name = A64 | Source = System Error | ID = 1003

Description = Error code 000000fe, parameter1 00000002, parameter2 8606a510, parameter3

85fea138, parameter4 8607fc00.

Error - 05/10/2008 18:00:47 | Computer Name = A64 | Source = Service Control Manager | ID = 7000

Description = The IC Recorder Driver service failed to start due to the following

error: %%1058

Error - 05/10/2008 18:00:47 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

Description = The GbpSv Registry key denied access to SYSTEM account programs so

the Service Control Manager took ownership of the Registry key.

Error - 05/10/2008 18:00:58 | Computer Name = A64 | Source = System Error | ID = 1003

Description = Error code 00000093, parameter1 00000714, parameter2 00000000, parameter3

00000000, parameter4 00000000.

Error - 05/10/2008 18:03:27 | Computer Name = A64 | Source = Service Control Manager | ID = 7000

Description = The IC Recorder Driver service failed to start due to the following

error: %%1058

Error - 05/10/2008 18:03:27 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

Description = The GbpSv Registry key denied access to SYSTEM account programs so

the Service Control Manager took ownership of the Registry key.

Error - 05/10/2008 18:03:36 | Computer Name = A64 | Source = System Error | ID = 1003

Description = Error code 00000093, parameter1 00000708, parameter2 00000000, parameter3

00000000, parameter4 00000000.

Error - 05/10/2008 18:39:57 | Computer Name = A64 | Source = Service Control Manager | ID = 7000

Description = The IC Recorder Driver service failed to start due to the following

error: %%1058

Error - 05/10/2008 18:39:57 | Computer Name = A64 | Source = Service Control Manager | ID = 7028

Description = The GbpSv Registry key denied access to SYSTEM account programs so

the Service Control Manager took ownership of the Registry key.

< End of report >


Dear Kuevas

Once again, I apologize for the delay... things have been hectic :)

Follow the instructions at the link below to install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console as well.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file, and also make a new HijackThis log, to include in your reply.

Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the PC to stall.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer. The tool should only be used under the supervision of malware removal assistants.

Cheers :D


According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic's author needs to, they can contact the moderation team to request that this topic be reopened.
