drico!

Hijack Log Analysis


Hi everyone!

Could you take a look at my log?

Here Internet Explorer keeps opening by itself on advertisements, and sometimes it does some "crazy things" such as: the mouse moving around or getting stuck in a certain spot, or clicking by itself on things when I move the mouse pointer over the item.

Thank you!

Logfile of HijackThis v1.99.1

Scan saved at 23:47:15, on 17/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\mozilla firefox\firefox.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\svchost.exe

c:\arquivos de programas\mozilla firefox\firefox.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\Arquivos de programas\Conquer 2.0\Conquer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Adriano\CONFIG~1\Temp\Rar$EX00.812\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [WMPUpdate] C:\Arquivos de programas\Windows Media Player\wmpflash.exe

O4 - HKLM\..\RunOnce: [DB Audio Control Panel] C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe


Hello,

Sorry for the delay.

Please generate and paste a new, up-to-date HijackThis log.

Thank you

  • Topic author
  • Here is a new log.

    Logfile of HijackThis v1.99.1

    Scan saved at 01:44, on 2008-10-26

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    c:\arquivos de programas\mozilla firefox\firefox.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\vsnpstd.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

    C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

    C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Adriano\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

    O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\RunOnce: [DB Audio Control Panel] C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    O23 - Service: Bonjour Service - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe


    Hello,

    Only Java is out of date. Otherwise your log is clean!

    Old, outdated versions are more vulnerable to malware.

    • Download the latest version of the Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
    • Navigate to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
    • Click "Download" (it is on the right side).
    • Select your platform: "Windows".
    • Select your language: "Português".
    • Read the license agreement and check the box: "Accept License Agreement".
    • Click "Continue".
    • Click the Windows Offline Installation download link and save the file to your desktop.
    • Close all programs you are using, especially your browser (IE, Firefox, etc.).
    • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
    • Select any item that has Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this one: javaicon.jpg
    • Click Remove or Change/Remove.
    • Repeat as many times as necessary, until you have removed all the old versions of Java that exist on your PC.
    • Restart your computer after removing the old versions of Java.
    • Now double-click jre-6u10-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

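Added example, not part of the original thread: a small Python triage script for the kind of review done in the reply above. It parses HijackThis entry lines, flags orphaned entries, reports Java runtimes older than the update named in the reply, and diffs the first scan against the rescan. The function names are hypothetical and the sample lines are excerpts of the two logs posted earlier in the thread.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (first scan, then rescan).
LOG_FIRST = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WMPUpdate] C:\Arquivos de programas\Windows Media Player\wmpflash.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

LOG_SECOND = r"""
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Bonjour Service - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# HijackThis appends these markers when the referenced file is absent on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
# JRE install directories encode the version, e.g. \jre1.6.0_07\ is Java 6 Update 7.
JRE_RE = re.compile(r"\\jre1\.(\d+)\.0_(\d+)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return [(code, body), ...] for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file is gone: leftovers of an uninstall or of a cleanup."""
    return [entry for entry in entries if ORPHAN_RE.search(entry[1])]


def outdated_jre(entries, latest):
    """Sorted (major, update) pairs found in entry paths that are older than `latest`."""
    found = set()
    for _code, body in entries:
        for major, update in JRE_RE.findall(body):
            found.add((int(major), int(update)))
    return sorted(version for version in found if version < latest)


def diff_logs(old_entries, new_entries):
    """Entries that disappeared and entries that appeared between two scans.

    The comparison is on the literal text (case-insensitive), so an entry that
    switches between a long path and its 8.3 short form shows up as changed.
    """
    def key(entry):
        return (entry[0], entry[1].lower())

    old_keys = {key(e) for e in old_entries}
    new_keys = {key(e) for e in new_entries}
    removed = [e for e in old_entries if key(e) not in new_keys]
    added = [e for e in new_entries if key(e) not in old_keys]
    return removed, added


if __name__ == "__main__":
    first = parse_entries(LOG_FIRST)
    second = parse_entries(LOG_SECOND)

    print("Orphaned entries in the rescan:")
    for code, body in orphaned(second):
        print(f"  {code} - {body}")

    # (6, 10) is JRE 6 Update 10, the version the reply in the thread recommends.
    print("Outdated JRE versions:", outdated_jre(second, latest=(6, 10)))

    removed, added = diff_logs(first, second)
    print("Gone since the first scan:")
    for code, body in removed:
        print(f"  {code} - {body}")
    print("New since the first scan:")
    for code, body in added:
        print(f"  {code} - {body}")
```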
  • Topic author
  • Lusitano, thank you very much!

    Just one question, about the problem I mentioned in the first message;

    could this problem be an IE bug?

    The log doesn't show anything that could cause this!

    Is this still happening in your IE?

  • Topic author
  • Hello

    Yes, it's still happening; sometimes IE opens by itself, goes to sites like Buscapé and shows some items for sale, and closes by itself too!

    Besides that, the mouse pointer also still has the problem I mentioned in the first message.

    Oh, I had forgotten... I use Real Player to watch some TV series videos in .rmvb, and while I'm watching, the videos skip ahead one or two seconds out of nowhere!

    When I take a video in .mpeg or any other format and use another player this doesn't happen; is it a problem with the program or with my PC itself?

    Lusitano, thank you very much for your patience and willingness to help!


    Hello,

    let's dig a little "deeper" :)

    • Download RSIT - random's system information tool by random/random and save it to your desktop.
    • Double-click RSIT.exe to run the tool.
    • In the window that opens (disclaimer), click Continue.
    • When the tool finishes running, it will open a Notepad document containing the scan result. Please paste the contents of that log (log.txt) in your next reply.
    • Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt

    Thank you

  • Topic author
  • info.txt

    info.txt logfile of random's system information tool 1.04 2008-10-28 14:30:34

    ======Uninstall list======

    -->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    -->C:\Arquivos de programas\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

    -->C:\WINDOWS\NuNInst.exe /UNINSTALL

    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

    -->C:\WINDOWS\UNRecode.exe /UNINSTALL

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Activ8-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\ARA\Activ8\Uninst.isu"

    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

    Adobe ExtendScript Toolkit 2-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

    Adobe Photoshop CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

    Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

    Advanced WindowsCare Personal-->"C:\Arquivos de programas\IObit\Advanced WindowsCare V2\unins000.exe"

    Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}

    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

    ATI - Software Uninstall Utility-->C:\Arquivos de programas\ATI Technologies\UninstallAll\AtiCimUn.exe

    ATI Catalyst Control Center-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7473

    ATI Display Driver (Omega 3.8.442)-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

    Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

    Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

    Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

    Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

    Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

    Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

    Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

    avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

    Azureus Vuze-->C:\Arquivos de programas\Azureus\uninstall.exe

    Bluesoleil 5.0.5.178-->MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}

    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

    BS.Player PRO-->"C:\Arquivos de programas\Webteh\BSplayerPro\uninstall.exe"

    Catálogo Eletrônico Imbil V.3.0-->"c:\CEI\unins000.exe"

    Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}

    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0416-0000-0000000FF1CE}

    Conquer 2.0-->C:\Arquivos de programas\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe -runfromtemp -l0x0009 -removeonly

    dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat

    dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

    Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"

    Electronics Workbench V5.12-->C:\WINDOWS\iun3405.exe C:\Arquivos de programas\EWB512

    FC-Win, Front-end for Fortran Calculus-->"c:\od-Tools\SETUP\setup.exe" /u

    Force 2.0-->"C:\Arquivos de programas\Force 2.0\unins000.exe"

    Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe"

    HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

    Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

    Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

    Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

    iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}

    Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

    K-Lite Mega Codec Pack 3.9.0-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

    LimeWire PRO 4.17.1-->"C:\Arquivos de programas\LimeWire\uninstall.exe"

    MATLAB 6.1-->C:\MATLAB6p1\uninstall\uninstall.exe C:\MATLAB6p1

    Megacubo 5.0.1-->"C:\Arquivos de programas\Megacubo\unins000.exe"

    Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

    Microsoft Fortran PowerStation 4.0-->C:\MSDEV\BIN\fpscdrom.exe setup.exe "Setup Files" %s -1

    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

    Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

    mIRC-->C:\Arquivos de programas\mIRC\uninstall.exe _?=C:\Arquivos de programas\mIRC

    Mozilla Firefox (3.0.3)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

    MultiRes (remove only)-->C:\Arquivos de programas\MultiRes\uninstal.exe

    MyPhoneExplorer-->C:\Arquivos de programas\MyPhoneExplorer\uninstall.exe

    Need for Speed™ Carbon-->C:\Arquivos de programas\Electronic Arts\Need for Speed Carbon\EAUninstall.exe

    Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1046}

    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

    Perry's Chemical Engineers' Handbook on CD-ROM-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\McGraw-Hill\Perry\Uninst.isu"

    Pro Evolution Soccer 6-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033

    Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}

    Radeon Omega Drivers v4.8.442 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Arquivos de programas\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"

    RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    Realtek AC'97 Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x416 -removeonly

    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    Sothink SWF Decompiler-->"C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\unins000.exe"

    Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

    SpywareBlaster 4.1-->"C:\Arquivos de programas\SpywareBlaster\unins000.exe"

    Steam-->C:\ARQUIV~1\Steam\UNWISE.EXE C:\ARQUIV~1\Steam\INSTALL.LOG

    Total Video Converter 3.12 080330-->"C:\Arquivos de programas\Total Video Converter\unins000.exe"

    Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic

    UltraISO Premium V9.0-->"C:\Arquivos de programas\UltraISO\unins000.exe"

    Undelete Plus 2.97-->"C:\Arquivos de programas\TouchStoneSoftware\UndeletePlus\unins000.exe"

    Update Service-->C:\Arquivos de programas\Sony Ericsson\Update Service\uninst.exe

    USB PC Camera (SN9C102)-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9

    VIA Gerenciador de dispositivo de plataforma-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

    Web Camera Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\Setup.exe" -l0x9 UNINSTALL

    Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"

    Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

    Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

    Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

    Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

    Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

    ======Security center information======

    AV: avast! antivirus 4.8.1229 [VPS 081027-1]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static;c:\matlab6p1\bin\win32;;C:\FPC\2.0.4\bin\i386-Win32;C:\Arquivos de programas\Arquivos comuns\Nero\Lib;C:\Arquivos de programas\Arquivos comuns\Teleca Shared;C:\Arquivos de programas\QuickTime\QTSystem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=15

    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

    "PROCESSOR_REVISION"=2c02

    "NUMBER_OF_PROCESSORS"=1

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "CLASSPATH"=.;C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

    "QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    log.txt

    Logfile of random's system information tool 1.04 (written by random/random)

    Run by Adriano at 2008-10-28 14:29:59

    Microsoft Windows XP Professional Service Pack 3

    System drive C: has 3 GB (7%) free of 40 GB

    Total RAM: 1023 MB (23% free)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:30, on 2008-10-28

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    c:\arquivos de programas\mozilla firefox\firefox.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\vsnpstd.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\Arquivos de programas\Conquer 2.0\Conquer.exe

    C:\Arquivos de programas\Conquer 2.0\Conquer.exe

    C:\Arquivos de programas\LimeWire\LimeWire.exe

    C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Adriano\Desktop\RSIT.exe

    C:\Arquivos de programas\trend micro\Adriano.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

    O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sysCom] C:\WINDOWS\system\msnmsgr.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\RunOnce: [DB Audio Control Panel] C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    O23 - Service: Bonjour Service - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    --

    End of file - 10389 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

    RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-24 370296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-10-27 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-10-27 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

    JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-27 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]

    "RaidTool"=C:\Arquivos de programas\VIA\RAID\raid_t []

    "avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    "Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    "snpstd"=C:\WINDOWS\vsnpstd.exe [2005-10-11 339968]

    "AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-21 344064]

    "BtTray"=C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe [2008-06-28 258134]

    "StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

    "TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-08-24 185896]

    "AppleSyncNotifier"=C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

    "QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-05-27 413696]

    "iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-07-30 289064]

    "SysCom"=C:\WINDOWS\system\msnmsgr.exe []

    "SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-10-27 136600]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "DB Audio Control Panel"=C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe [2008-10-16 384000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    "MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-14 1695232]

    "Skype"=C:\Arquivos de programas\Skype\Phone\Skype.exe [2008-09-23 21755688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=

    "NoDrives"=

    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"

    "C:\Arquivos de programas\Azureus\Azureus.exe"="C:\Arquivos de programas\Azureus\Azureus.exe:*:Enabled:Azureus"

    "C:\Arquivos de programas\Steam\SteamApps\adriano_ask\counter-strike\hl.exe"="C:\Arquivos de programas\Steam\SteamApps\adriano_ask\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

    "C:\Arquivos de programas\Sony Ericsson\Update Service\Update Service.exe"="C:\Arquivos de programas\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"

    "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"

    "C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

    "C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    "C:\Arquivos de programas\mIRC\mirc.exe"="C:\Arquivos de programas\mIRC\mirc.exe:*:Enabled:mIRC"

    "C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

    "C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC"

    "C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

    "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"

    "C:\Arquivos de programas\Real\RealPlayer\realplay.exe"="C:\Arquivos de programas\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

    "C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

    "C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10219233-42ba-11dd-9d23-000fea22b471}]

    shell\AutoRun\command - G:\ox.cmd

    shell\explore\command - G:\ox.cmd

    shell\open\command - G:\ox.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{207f798d-7b4d-11dd-9d97-000fea22b471}]

    shell\AutoRun\command - b.bat

    shell\explore\command - b.bat

    shell\open\command - b.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa5ed0ad-1647-11dd-9cc1-001167000000}]

    shell\Auto\command - G:\msnmsgr_plus.exe

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d11f92bc-13b4-11dd-9cb9-000fea22b471}]

    shell\Auto\command - H:\msnmsgr_plus.exe

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe

    ======List of files/folders created in the last 1 months======

    2008-10-28 14:30:01 ----D---- C:\Arquivos de programas\trend micro

    2008-10-28 14:29:59 ----D---- C:\rsit

    2008-10-27 14:14:17 ----A---- C:\WINDOWS\system32\javaws.exe

    2008-10-27 14:14:17 ----A---- C:\WINDOWS\system32\javaw.exe

    2008-10-27 14:14:17 ----A---- C:\WINDOWS\system32\java.exe

    2008-10-27 14:14:17 ----A---- C:\WINDOWS\system32\deploytk.dll

    2008-10-27 14:03:35 ----SD---- C:\WINDOWS\Downloaded Program Files

    2008-10-27 13:31:52 ----D---- C:\Documents and Settings\Adriano\Dados de aplicativos\skypePM

    2008-10-27 13:30:50 ----D---- C:\Documents and Settings\Adriano\Dados de aplicativos\Skype

    2008-10-27 13:28:35 ----D---- C:\Arquivos de programas\Skype

    2008-10-27 13:28:35 ----D---- C:\Arquivos de programas\Arquivos comuns\Skype

    2008-10-27 13:28:21 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

    2008-10-25 23:29:16 ----D---- C:\Arquivos de programas\MSECache

    2008-10-24 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

    2008-10-22 01:16:15 ----D---- C:\Arquivos de programas\IObit

    2008-10-21 23:19:36 ----A---- C:\WINDOWS\IE4 Error Log.txt

    2008-10-21 23:01:36 ----D---- C:\Arquivos de programas\Lavasoft

    2008-10-21 23:01:22 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2008-10-21 22:58:21 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-10-21 22:58:16 ----D---- C:\Arquivos de programas\SpywareBlaster

    2008-10-21 22:49:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

    2008-10-21 00:18:18 ----SHD---- C:\RECYCLER

    2008-10-21 00:15:40 ----A---- C:\WINDOWS\ntbtlog.txt

    2008-10-21 00:05:06 ----A---- C:\ComboFix.txt

    2008-10-20 23:59:25 ----A---- C:\Boot.bak

    2008-10-20 23:59:20 ----RASHD---- C:\cmdcons

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\zip.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\VFIND.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\SWXCACLS.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\SWSC.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\SWREG.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\sed.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\NIRCMD.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\grep.exe

    2008-10-18 19:55:23 ----A---- C:\WINDOWS\fdsv.exe

    2008-10-18 19:55:17 ----D---- C:\WINDOWS\ERDNT

    2008-10-18 19:55:17 ----D---- C:\Qoobox

    2008-10-16 09:58:07 ----A---- C:\WINDOWS\system32\annuncioui.exe

    2008-10-15 00:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

    2008-10-15 00:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

    2008-10-15 00:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

    2008-10-15 00:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

    2008-10-15 00:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    2008-10-13 22:15:55 ----D---- C:\Arquivos de programas\KONAMI

    2008-10-04 22:18:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

    2008-10-04 22:02:08 ----D---- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

    2008-10-04 20:20:38 ----D---- C:\Arquivos de programas\Google

    ======List of files/folders modified in the last 1 months======

    2008-10-28 14:30:02 ----D---- C:\WINDOWS\Prefetch

    2008-10-28 14:30:01 ----RD---- C:\Arquivos de programas

    2008-10-28 14:25:03 ----D---- C:\Arquivos de programas\Mozilla Firefox

    2008-10-28 13:22:02 ----D---- C:\Documents and Settings\Adriano\Dados de aplicativos\LimeWire

    2008-10-28 10:50:49 ----D---- C:\WINDOWS\Temp

    2008-10-28 00:45:12 ----D---- C:\WINDOWS\system32\CatRoot2

    2008-10-27 20:07:54 ----D---- C:\Documents and Settings\Adriano\Dados de aplicativos\BSplayer PRO

    2008-10-27 14:44:02 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI

    2008-10-27 14:44:02 ----A---- C:\WINDOWS\system32\LOCALDEVICE.INI

    2008-10-27 14:44:02 ----A---- C:\WINDOWS\system32\bscs.ini

    2008-10-27 14:41:19 ----A---- C:\WINDOWS\SchedLgU.Txt

    2008-10-27 14:14:22 ----SHD---- C:\WINDOWS\Installer

    2008-10-27 14:14:17 ----D---- C:\WINDOWS\system32

    2008-10-27 14:14:00 ----D---- C:\Arquivos de programas\Java

    2008-10-27 14:03:35 ----D---- C:\WINDOWS

    2008-10-27 13:28:35 ----D---- C:\Arquivos de programas\Arquivos comuns

    2008-10-27 07:11:48 ----A---- C:\WINDOWS\win.ini

    2008-10-27 02:59:53 ----D---- C:\Documents and Settings\Adriano\Dados de aplicativos\Azureus

    2008-10-26 13:41:48 ----D---- C:\WINDOWS\system

    2008-10-25 14:55:47 ----D---- C:\Arquivos de programas\Windows Media Player

    2008-10-24 03:01:10 ----HD---- C:\WINDOWS\inf

    2008-10-24 03:00:56 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2008-10-24 03:00:39 ----HD---- C:\WINDOWS\$hf_mig$

    2008-10-22 20:31:14 ----D---- C:\Arquivos de programas\Conquer 2.0

    2008-10-21 23:01:36 ----D---- C:\WINDOWS\system32\drivers

    2008-10-21 00:16:41 ----D---- C:\Arquivos de programas\Bonjour

    2008-10-21 00:03:14 ----A---- C:\WINDOWS\system.ini

    2008-10-21 00:02:44 ----D---- C:\WINDOWS\AppPatch

    2008-10-20 23:59:25 ----RASH---- C:\boot.ini

    2008-10-18 23:55:00 ----D---- C:\Documents and Settings\Adriano\Dados de aplicativos\mIRC

    2008-10-18 23:51:21 ----D---- C:\Arquivos de programas\mIRC

    2008-10-18 19:50:50 ----RD---- C:\WINDOWS\Web

    2008-10-18 19:50:49 ----D---- C:\WINDOWS\SHELLNEW

    2008-10-18 19:25:10 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

    2008-10-17 13:02:05 ----D---- C:\Arquivos de programas\Bridge Building Game

    2008-10-17 00:15:06 ----D---- C:\Arquivos de programas\Adobe

    2008-10-17 00:09:24 ----D---- C:\Documents and Settings\Adriano\Dados de aplicativos\Adobe

    2008-10-15 22:16:17 ----A---- C:\WINDOWS\system32\REMOTEDEVICE.INI

    2008-10-15 20:51:46 ----A---- C:\WINDOWS\system32\SHORTCUT.INI

    2008-10-15 14:36:42 ----A---- C:\WINDOWS\system32\netapi32.dll

    2008-10-15 00:36:18 ----A---- C:\WINDOWS\imsins.BAK

    2008-10-15 00:35:57 ----D---- C:\Arquivos de programas\Internet Explorer

    2008-10-15 00:35:50 ----D---- C:\WINDOWS\ie7updates

    2008-10-14 23:09:59 ----A---- C:\WINDOWS\NeroDigital.ini

    2008-10-14 22:17:23 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

    2008-10-13 22:28:22 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

    2008-10-12 21:05:06 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

    2008-10-07 17:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

    2008-10-04 22:13:44 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

    2008-10-04 22:12:48 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-10-04 22:10:11 ----RSD---- C:\WINDOWS\Fonts

    2008-10-03 15:26:01 ----A---- C:\WINDOWS\system32\ieframe.dll

    2008-10-02 01:57:43 ----D---- C:\Dev-Cpp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]

    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]

    R1 atitray;atitray; \??\C:\Arquivos de programas\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []

    R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-08-04 38952]

    R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-08-04 40488]

    R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Arquivos de programas\UltraISO\drivers\ISODrive.sys []

    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]

    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]

    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]

    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]

    R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]

    R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2003-05-22 17071]

    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]

    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]

    R3 snpstd;USB PC Camera (SN9C102); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2006-05-03 390784]

    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]

    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]

    R3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-05 19472]

    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-08-04 125224]

    S2 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

    S2 USBKBFlt;Dritek USB Keyboard Filter; C:\WINDOWS\system32\DRIVERS\USBKBFlt.SYS []

    S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2008-06-28 34312]

    S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]

    S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]

    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

    S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-28 13352]

    S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-06-28 21672]

    S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]

    S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

    S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

    S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]

    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]

    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]

    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]

    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]

    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-10-21 611664]

    R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]

    R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

    R2 BlueSoleilCS;BlueSoleilCS; C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-06-28 1155180]

    R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe [2007-08-04 1440040]

    R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-10-27 152984]

    R2 matlabserver;MATLAB Server; C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe [2001-04-06 258048]

    R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]

    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

    R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

    R3 BsHelpCS;BsHelpCS; C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]

    R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-07-30 532264]

    R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]

    S2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe []

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-04 654848]

    S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]

    S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

    -----------------EOF-----------------

    Lusitano, thank you very much for the help.


    Hello,

    Your log shows that you are infected by a banker trojan. This trojan is able to capture passwords and send them to a cracker (hacker).

    Recommendations:

    1. Avoid using the internet on this PC as much as possible until it is clean.
    2. Use a clean, secure PC and change all your passwords (online passwords).
    3. Contact your financial institutions (banks, etc.) and inform them of your situation.

    Removal:

    Download OTMoveIt3 by OldTimer and save it to the desktop.

    Double-click the otmi3desktopicon.png icon on your desktop.

    Copy the text below, inside the "Code" box, and paste it into the area below pasteline.png:


    :processes
    explorer.exe
    :files
    C:\WINDOWS\system\msnmsgr.exe
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SysCom"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10219233-42ba-11dd-9d23-000fea22b471}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{207f798d-7b4d-11dd-9d97-000fea22b471}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa5ed0ad-1647-11dd-9cc1-001167000000}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d11f92bc-13b4-11dd-9cb9-000fea22b471}]
    :commands
    [EmptyTemp]
    [Reboot]

    Now click the btnmoveit.png button.

    If a prompt to restart the computer appears, do so.

    In your next reply, copy and paste the entire contents of results.png

    If the computer restarted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter; browse to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.

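The four MountPoints2 keys deleted by the script in the post above are the ones that appear with `shell\...\command` entries in the RSIT log. As an added example (not part of the original thread, and not RSIT's or OTMoveIt's own code), this Python script parses that log section and flags keys whose cached autorun commands look hijacked; the three heuristics, the function names and the third sample key are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the RSIT log in this thread: two sections
# modelled on the thread's log, plus one constructed benign entry (installer disc).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10219233-42ba-11dd-9d23-000fea22b471}]
shell\AutoRun\command - G:\ox.cmd
shell\explore\command - G:\ox.cmd
shell\open\command - G:\ox.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa5ed0ad-1647-11dd-9cc1-001167000000}]
shell\Auto\command - G:\msnmsgr_plus.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-00000000c0de}]
shell\AutoRun\command - D:\setup.exe

======List of files/folders created in the last 1 months======
"""

# Assumption: extensions treated as script-like autorun targets.
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".pif", ".scr")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command - (.+)$", re.I)


def parse_mountpoints(log_text):
    """Return {registry_key: [(verb, command), ...]} for each MountPoints2 section."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the log may have blank lines between entries
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1), [])
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current.append((cmd.group(1), cmd.group(2).strip()))
        else:
            current = None  # any other line (new header, ====== banner) ends the section
    return sections


def flag_autorun(log_text):
    """Return {registry_key: [reasons]} for sections matching a heuristic."""
    flagged = {}
    for key, entries in parse_mountpoints(log_text).items():
        why = []
        # Heuristic 1: the default double-click verbs of the drive are redefined.
        if any(verb.lower() in ("open", "explore") for verb, _ in entries):
            why.append("overrides open/explore verb")
        # Heuristic 2: the autorun target is a script rather than an installer.
        if any(cmd.lower().endswith(SCRIPT_EXT) for _, cmd in entries):
            why.append("script file as target")
        # Heuristic 3: the target is launched indirectly through rundll32.
        if any("shellexec_rundll" in cmd.lower() for _, cmd in entries):
            why.append("rundll32 ShellExec_RunDLL indirection")
        if why:
            flagged[key] = why
    return flagged


def reg_delete_lines(flagged):
    """Format flagged keys in the [-key] form used under :reg in the post's script."""
    return ["[-" + key + "]" for key in flagged]


if __name__ == "__main__":
    result = flag_autorun(SAMPLE_LOG)
    for key, why in result.items():
        print(key)
        for reason in why:
            print("    " + reason)
    print("\n".join(reg_delete_lines(result)))
```
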
  • Topic author
  • Hi,

    Lusitano, here is the log.

    ========== PROCESSES ==========

    Process explorer.exe killed successfully.

    ========== FILES ==========

    File/Folder C:\WINDOWS\system\msnmsgr.exe not found.

    ========== REGISTRY ==========

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysCom deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10219233-42ba-11dd-9d23-000fea22b471}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{207f798d-7b4d-11dd-9d97-000fea22b471}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa5ed0ad-1647-11dd-9cc1-001167000000}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d11f92bc-13b4-11dd-9cb9-000fea22b471}\\ deleted successfully.

    ========== COMMANDS ==========

    File delete failed. C:\DOCUME~1\Adriano\CONFIG~1\Temp\etilqs_NppSP3MtVdFGlXJxnPfA scheduled to be deleted on reboot.

    File delete failed. C:\DOCUME~1\Adriano\CONFIG~1\Temp\~DFE3AF.tmp scheduled to be deleted on reboot.

    User's Temp folder emptied.

    User's Temporary Internet Files folder emptied.

    User's Internet Explorer cache folder emptied.

    Local Service Temp folder emptied.

    Local Service Temporary Internet Files folder emptied.

    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4f0.dat scheduled to be deleted on reboot.

    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6dc.dat scheduled to be deleted on reboot.

    Windows Temp folder emptied.

    Java cache emptied.

    File delete failed. C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

    FireFox cache emptied.

    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10282008_184454

    Files moved on Reboot...

    File C:\DOCUME~1\Adriano\CONFIG~1\Temp\etilqs_NppSP3MtVdFGlXJxnPfA not found!

    C:\DOCUME~1\Adriano\CONFIG~1\Temp\~DFE3AF.tmp moved successfully.

    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

    File C:\WINDOWS\temp\Perflib_Perfdata_4f0.dat not found!

    File C:\WINDOWS\temp\Perflib_Perfdata_6dc.dat not found!

    C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_001_ moved successfully.

    C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_002_ moved successfully.

    C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_003_ moved successfully.

    C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\Cache\_CACHE_MAP_ moved successfully.

    C:\Documents and Settings\Adriano\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9ia83znt.default\urlclassifier3.sqlite moved successfully.

    Thank you very much for your attention and patience.


    Hello,

    Please generate and paste a new HijackThis log, and let me know whether you still notice anything strange on your PC.

  • Topic author
  • Here is the log

    Logfile of HijackThis v1.99.1

    Scan saved at 17:56, on 2008-11-05

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    c:\arquivos de programas\mozilla firefox\firefox.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\vsnpstd.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\Arquivos de programas\Winamp\winamp.exe

    C:\Arquivos de programas\Conquer 2.0\Conquer.exe

    C:\Arquivos de programas\WinRAR\WinRAR.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\DOCUME~1\Adriano\CONFIG~1\Temp\Rar$EX00.657\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

    O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\RunOnce: [DB Audio Control Panel] C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    O23 - Service: Bonjour Service - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    Lusitano, the strange things are still there.

    Thank you very much for the help.


    Hello,

    Read the instructions at this link:

    In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.

    • Double-click the desktopicon.png icon on the desktop.

    • Read and accept the terms by typing 1 and pressing Enter.

    • Computers running Windows XP should install the Recovery Console:

      • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
      • Click "OK" on the EULA.
      • Once the Recovery Console is installed, click "SIM" (Yes) to continue.

    • ComboFix will run; please be patient and wait.

    • Warning: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to freeze.

    • A notice may appear saying that the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.

    • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and how to handle them.
    • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors design them with end users in mind, to be used without supervision. ComboFix is not that kind of tool; for that reason, and out of respect for the tool's author, do not use it without supervision.

    Regards


    In accordance with this forum's rules, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic's author needs to, they can contact the moderation team to request that this topic be reopened.

    This topic is closed to new posts.