OtavioFFC

Please analyze my log!


Logfile of HijackThis v1.99.1

Scan saved at 03:07:24, on 18/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIVOS DE PROGRAMAS\Teamspeak2_RC2\TeamSpeak.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orkut.com/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [LightStart] D:\STFLASH.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14C44F00-632A-4E35-85AA-945EBE5C3DB5}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Logfile of HijackThis v1.99.1

Scan saved at 13:04:32, on 23/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\ARQUIVOS DE PROGRAMAS\Tibia\Tibia.exe

C:\ARQUIVOS DE PROGRAMAS\Teamspeak2_RC2\TeamSpeak.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\ARQUIVOS DE PROGRAMAS\Windows Media Player\wmplayer.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orkut.com/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [LightStart] D:\STFLASH.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14C44F00-632A-4E35-85AA-945EBE5C3DB5}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Hello,

Read the instructions contained in this link:

In the instructions at the link above, you can check in which forums the Analysts are duly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  3. Double-click the desktopicon.png icon that is on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

     • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Sim" (Yes).
     • Click "OK" on the EULA.
     • Once the Recovery Console is installed, click "SIM" (Yes) to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so may cause the computer to hang.

  8. A notice may appear saying that the computer needs to be restarted.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, so, and also out of respect for the tool's author, do not use it without supervision.

Regards


OK, I tried to run ComboFix; I installed the Recovery Console, and when it is about to do the scan the PC restarts ;/


I can't restart in safe mode; I press F8 and select safe mode, but it doesn't start Windows.


I ran SafeBootKeyRepair, then tried to restart in safe mode; it still doesn't start Windows...


Hello,

Download OTListIt and save it to the desktop.

  • Double-click the tool's icon on your desktop.
  • Click Run Scan and let the tool run.
  • When the tool finishes the scan, it will generate two text files:
    • OTViewIt.Txt <- Will be opened automatically in Notepad
    • Extras.txt <- will be on the desktop
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the OTViewIt.Txt and Extras.txt files into your next reply.

Regards


OTListIt Extras logfile created on: 2008-10-29 12:52:21 - Run 2

OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

511.29 Mb Total Physical Memory | 185.36 Mb Available Physical Memory | 36.25% Memory free

1.19 Gb Paging File | 0.87 Gb Available in Paging File | 72.88% Paging File free

Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74.53 Gb Total Space | 7.14 Gb Free Space | 9.58% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CAYRES

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2006-10-10 09:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

File not found -- D:\setup.exe:*:Enabled:setup

[2005-10-13 13:03:32 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistente para transferência de arquivos e configurações

[2005-10-13 13:02:12 | 01,298,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool

[2005-09-29 22:42:57 | 00,081,920 | ---- | M] (Valve) -- C:\ARQUIVOS DE PROGRAMAS\Valve\hl.exe:*:Enabled:Half-Life Launcher

[2004-10-13 13:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2008-08-23 02:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

[2006-09-29 23:00:14 | 00,043,520 | ---- | M] () -- C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[2005-09-29 22:47:25 | 00,397,312 | ---- | M] (Valve) -- C:\ARQUIVOS DE PROGRAMAS\Valve\hlds.exe:*:Enabled:HLDS Launcher

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\Meus arquivos recebidos\GuSTop\GuSTop.exe:*:Disabled:GuSTop

[2008-06-18 15:46:56 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\ARQUIVOS DE PROGRAMAS\LimeWire\LimeWire.exe:*:Disabled:LimeWire

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\TibiCam_8.0\TibiCam\TibiCAM.exe:*:Enabled:TibiCAM

File not found -- D:\Jogos\chess\Chess.exe:*:Enabled:MI Chess 3.0

[2006-10-10 09:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\tibicam_8.1\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

File not found -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE

[2008-08-27 20:55:08 | 00,188,416 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\Acclaim\2moons\crashreporter.exe:*:Disabled:crashreporter

[2008-10-26 20:56:25 | 00,393,216 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\Acclaim\2moons\minilauncher.exe:*:Enabled:2MOONS Bad Moon Rising

File not found -- C:\ARQUIVOS DE PROGRAMAS\DreMule\emule.exe:*:Disabled:Dreamule

[2008-10-01 13:15:39 | 02,347,008 | ---- | M] (CipSoft GmbH) -- C:\ARQUIVOS DE PROGRAMAS\Tibia\Tibia.exe:*:Enabled:Tibia Player

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\Tibia81\Tibia.exe:*:Enabled:Tibia Player

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\tibicam_8.21\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

[2007-06-27 00:59:00 | 00,647,168 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\tibicam_8.21\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

[2007-06-27 00:59:00 | 00,647,168 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\tibicam_8.22\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

[2008-09-10 21:55:09 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager

[2008-10-01 01:39:08 | 01,470,464 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core

[2008-08-06 12:16:52 | 02,330,624 | ---- | M] (CipSoft GmbH) -- C:\Documents and Settings\Otávio\Meus documentos\Tibia8.22\Tibia.exe:*:Enabled:Tibia Player

[2007-10-18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-08-11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\ARQUIVOS DE PROGRAMAS\Skype\Phone\Skype.exe:*:Enabled:Skype

[2008-10-20 21:24:46 | 03,780,608 | ---- | M] () -- C:\Documents and Settings\Otávio\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi

"{0B83E00B-DEE3-44F8-97F9-0E75550EAA7D}" = OpenOffice.org 2.0

"{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-0416-1E257A25E34D}" = Adobe Photoshop CS2

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A417047-2E30-4D05-8977-F706D40BFF39}" = Windows Live installer

"{3B1433E1-8355-456F-9FED-CC9DE9FCFE31}" = Microsoft Reader

"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{60844F16-2659-45BB-BF8A-C5B390D4F397}" = Bloqueador de Pop-ups (Windows Live Toolbar)

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{688E07FE-9832-4FB9-8666-FB198D86ADC6}" = 2MOONS

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{6A6B10FE-3A8C-48B8-AF8A-274BA6889734}" = Barra de Ferramentas do Outlook do Windows Live (Windows Live Toolbar)

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FEE62BC-67E3-4083-BEE2-3C33A487F85C}" = Windows Live Toolbar

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{755EC643-E622-4BB6-9DC6-C19439AB5577}" = MICRO webcam

"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites para Windows Live Toolbar

"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B73D22F-B1FA-447B-948D-D706616C3773}" = Detector de Feed do Windows Live Toolbar (Windows Live Toolbar)

"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{85A43AFC-4E08-41F3-AA13-453658FEE6C8}" = MPEG2 CODEC

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{88902514-B65F-4093-AF94-8DA7B41DCCD8}" = Extensão do Windows Live Toolbar (Windows Live Toolbar)

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}" = Windows Live Messenger

"{8EDBA74D-0686-4C99-BFDD-F894678E5103}" = Adobe Common File Installer

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{934F3C42-83E5-49EB-81C6-C22F9BB6E9B7}" = Motorola Phone Tools

"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{9D57C4FB-39C1-4EC3-9386-845FD08453D5}" = Menus Inteligentes (Windows Live Toolbar)

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5 Tryout

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2

"{AC76BA86-7AD7-1046-7B44-A70000000000}" = Adobe Reader 7.0 - Português

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{AF9B8ED2-BC1A-4673-9519-3FDD5C54D71A}" = OneCare Advisor (Windows Live Toolbar)

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistente de Conexão do Windows Live

"{B12372D0-1BAF-4D9D-9B4D-9F649B6FC554}" = Navegação com Guias (Windows Live Toolbar)

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2

"{CC9EBB96-C2A8-4F73-A76F-71D423F5D9E5}" = Disney

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Software Kodak EasyShare

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools

"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera

"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0416-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player

"avast!" = avast! Antivirus

"BitTorrent" = BitTorrent 4.24.0

"BraZip" = BraZip 9.0

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem

"Combat Arms" = Combat Arms

"Conexant USB Network" = ADSL USB Modem Network Adapter

"CoolSMS_is1" = CoolSMS 1.84

"Discador Turbo_is1" = LightDialer 3.0

"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition

"EAX Unified (SHELL)" = EAX Unified (SHELL)

"ElfBot NG_is1" = ElfBot NG 3.5.1

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50

"FlashGet(JetCar)" = FlashGet(JetCar)

"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 3.2

"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5

"Frets on Fire" = Frets On Fire

"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker

"GOM Player" = GOM Player

"HijackThis" = HijackThis 1.99.1

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{755EC643-E622-4BB6-9DC6-C19439AB5577}" = MICRO webcam

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full

"LimeWire" = LimeWire 4.18.3

"Manual de Instalação_is1" = Manual de Instalação 3.0

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MV RegClean 3.9_is1" = MV RegClean 3.9

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Oldblivion" = Oldblivion

"Programador de Modem_is1" = LightModem 3.0

"RealAlt_is1" = Real Alternative 1.7.5

"RivaTuner" = RivaTuner v2.08

"Shockwave" = Shockwave

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"sXe_Injected" = sXe Injected

"SystemRequirementsLab" = System Requirements Lab

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Tibia Auto" = NSIS Example2

"Tibia_is1" = Tibia

"TibiaBot NG_is1" = TibiaBot NG 4.8.1

"TibiaBR Cam Lite_is1" = TibiaBR Cam Lite 1.7

"TibiaBR Cam Pro_is1" = TibiaBR Cam Pro 1.7

"TMIPC" = Tibia MULTI-ip changer

"Uninstall_is1" = Uninstall 1.0.0.0

"VobSub" = VobSub v2.23 (Remove Only)

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WinAVIVideoConverter_is1" = WinAVIVideoConverter

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = Arquivo do WinRAR

"Wisdom-soft AutoScreenRecorder 2.0 Free" = Wisdom-soft AutoScreenRecorder 2.0 Free

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Barra de Ferramentas do Yahoo! com bloqueador de pop-up

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"3D Hockey" = 3D Hockey

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 2008-07-10 00:21:35 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

G:\meus docs\Oficina de ceramica - Tres Lagoas\Ceramica 21-06-08\S3010018.JPG failed,

0000001E.

Error - 2008-08-23 21:31:39 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-24 18:15:16 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-24 18:15:44 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-24 18:16:35 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:21:48 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:23:10 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:24:03 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:24:10 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:24:13 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

[ Application Events ]

Error - 2008-10-11 23:02:07 | Computer Name = CAYRES | Source = Application Hang | ID = 1002

Description = Aplicativo com falha msnmsgr.exe, versão 8.5.1302.1018, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 2008-10-13 16:04:12 | Computer Name = CAYRES | Source = Application Hang | ID = 1002

Description = Aplicativo com falha wmplayer.exe, versão 11.0.5721.5145, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 2008-10-13 16:26:45 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.3156, módulo com

falha ntdll.dll, versão 5.1.2600.2180, endereço com falha 0x00013396.

Error - 2008-10-13 16:45:24 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-13 16:54:23 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-13 18:28:30 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-13 19:32:47 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-15 04:59:05 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-15 11:37:09 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-15 11:37:54 | Computer Name = CAYRES | Source = Application Hang | ID = 1002

Description = Aplicativo com falha TeaTimer.exe, versão 1.4.0.2, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]

Error - 2008-10-28 17:58:36 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-28 17:58:36 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

Error - 2008-10-28 17:59:44 | Computer Name = CAYRES | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 2008-10-28 18:18:18 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-28 18:18:18 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

Error - 2008-10-29 06:33:49 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-29 06:33:49 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

Error - 2008-10-29 11:49:32 | Computer Name = CAYRES | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 2008-10-29 11:50:03 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-29 11:50:03 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

< End of report >


OTListIt logfile created on: 2008-10-29 12:52:21 - Run 2

OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

511.29 Mb Total Physical Memory | 185.36 Mb Available Physical Memory | 36.25% Memory free

1.19 Gb Paging File | 0.87 Gb Available in Paging File | 72.88% Paging File free

Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74.53 Gb Total Space | 7.14 Gb Free Space | 9.58% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CAYRES

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008-07-19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\aswUpdSv.exe

[2008-07-19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashServ.exe

[2008-03-11 08:18:00 | 00,050,984 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\GbPlugin\GbpSv.exe

[2007-06-29 01:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2003-02-04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE

[2008-07-19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashMaiSv.exe

[2008-07-23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashWebSv.exe

[2005-10-13 13:03:39 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2008-07-19 11:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashDisp.exe

[2005-10-13 13:03:28 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2006-09-01 15:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\ARQUIVOS DE PROGRAMAS\QuickTime\qttask.exe

[2008-06-10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\ARQUIVOS DE PROGRAMAS\Java\jre1.6.0_07\bin\jusched.exe

[2007-10-18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe

[2005-05-31 01:04:00 | 01,415,824 | ---- | M] (Safer Networking Limited) -- C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

[2008-07-18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2008-07-18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\usnsvc.exe

[2008-10-27 12:49:23 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2006-10-20 20:17:33 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

[2004-07-15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008-07-19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

[2008-07-19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

[2008-07-19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

[2008-07-23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

File not found -- -- (GbpSv [unknown | Running])

[2007-06-12 19:20:13 | 00,138,168 | ---- | M] (Google) -- C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2004-10-22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2007-06-29 01:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2003-02-04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess [Auto | Running])

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008-07-19 11:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

[2006-03-31 14:38:00 | 03,960,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2008-07-19 11:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

[2008-07-19 11:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

[2008-07-19 11:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

[2008-07-19 11:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

[2008-07-19 11:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2002-10-01 14:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561 [On_Demand | Running])

[2003-03-21 06:10:00 | 00,023,296 | R--- | M] (Conexant) -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan [On_Demand | Stopped])

[2003-03-21 06:10:00 | 00,050,560 | R--- | M] (Conexant) -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb [On_Demand | Stopped])

[2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [boot | Running])

[2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [boot | Running])

[2001-08-17 17:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

[2004-04-14 23:57:20 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])

[2007-03-08 01:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2007-03-08 01:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2007-03-08 01:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2004-09-29 04:35:30 | 00,219,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])

[2004-09-29 04:33:50 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

[2005-09-20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])

[2004-03-17 01:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001-08-17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

[2007-06-18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])

[2007-06-29 01:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2006-11-07 23:01:09 | 00,033,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [system | Running])

[2008-06-26 00:23:35 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2005-10-13 13:01:02 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005-10-26 17:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2008-03-10 05:10:00 | 00,009,088 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\RivaTuner v2.08\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])

[2002-06-10 00:09:08 | 00,031,232 | ---- | M] (Robert Schlabbach) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE [On_Demand | Running])

[2005-10-13 13:22:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Stopped])

[2004-06-03 13:24:52 | 00,167,168 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])

[2007-11-13 07:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2004-03-24 09:22:26 | 00,138,396 | ---- | M] () -- C:\WINDOWS\system32\drivers\pfc027.sys -- (SoC PC-Camera Service [On_Demand | Stopped])

[2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

[2007-06-04 15:58:13 | 00,639,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2004-08-03 20:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UAGP35.SYS -- (uagp35 [boot | Running])

[2003-12-26 02:22:00 | 00,024,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBSER.SYS -- (usbser [On_Demand | Stopped])

[2003-07-02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2005-06-01 18:06:54 | 00,227,712 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped])

[2001-10-18 12:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde [boot | Running])

[2005-08-24 13:34:30 | 00,060,928 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

[2003-11-07 07:07:52 | 00,391,680 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\viasens.sys -- (VIASens [On_Demand | Stopped])

[2003-12-18 19:36:44 | 00,113,024 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio [On_Demand | Stopped])

[2004-08-04 00:37:54 | 00,032,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [system | Stopped])

[2006-11-02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

[2004-09-29 04:34:24 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (322223 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 11341 more lines...

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value does not exist or could not be read. File not found

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\Jccatch.dll (FlashGet)

O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - Reg Error: Value does not exist or could not be read. File not found

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\ARQUIVOS DE PROGRAMAS\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbar4.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\ARQUIVOS DE PROGRAMAS\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll ()

O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\getflash.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbar4.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\ARQUIVOS DE PROGRAMAS\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\fgiebar.dll (Amaze Soft)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value does not exist or could not be read. File not found

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbar4.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\ARQUIVOS DE PROGRAMAS\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [LightStart] D:\STFLASH.EXE File not found

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe (sXe Injected)

O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe File not found

O4 - HKCU..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe File not found

O4 - HKCU..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE (LightComm)

O4 - HKCU..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIVOS DE PROGRAMAS\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIVOS DE PROGRAMAS\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIVOS DE PROGRAMAS\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIVOS DE PROGRAMAS\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: 42 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.my/com/EGamesPlugin.cab (EGamesPlugin Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab (MJLauncherCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} http://www.radarsync.com/RSActiveX.ocx (RSActiveXObj Control)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)

O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key does not exist or could not be opened.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - skype4com - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter: - text/xml - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginBb: "DllName" = C:\ARQUIV~1\GbPlugin\gbieh.dll -- C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Banco do Brasil)

igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}" (HKLM) -- C:\WINDOWS\Downloaded Program Files\gbiehabn.dll ()

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Banco do Brasil)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2006-02-05 16:33:43 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Automap []

[2008-04-09 13:17:29 00,000,000 | ---D | M] -- C:\Automap -- [ NTFS ]

autorun.inf []

[2008-07-04 23:15:02 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ea3f-a271-11db-b199-00300a268e1f}\Shell\AutoRun\command]

"" = G:\930jn.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ea3f-a271-11db-b199-00300a268e1f}\Shell\explore\Command]

"" = G:\930jn.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ea3f-a271-11db-b199-00300a268e1f}\Shell\open\Command]

"" = G:\930jn.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cac768-7dcc-11d9-8b67-806d6172696f}\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cac768-7dcc-11d9-8b67-806d6172696f}\Shell\AutoRun\command]

"" = D:\Setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5aaf8d-8ae3-11dc-b67a-cccf9fe9f18d}\Shell\AutoRun\command]

"" = G:\2fiji.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5aaf8d-8ae3-11dc-b67a-cccf9fe9f18d}\Shell\explore\Command]

"" = G:\2fiji.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5aaf8d-8ae3-11dc-b67a-cccf9fe9f18d}\Shell\open\Command]

"" = G:\2fiji.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc1e356-5104-11dc-b552-00300a268e1f}\Shell\AutoRun\command]

"" = F:\ka1nk.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc1e356-5104-11dc-b552-00300a268e1f}\Shell\explore\Command]

"" = F:\ka1nk.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc1e356-5104-11dc-b552-00300a268e1f}\Shell\open\Command]

"" = F:\ka1nk.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\Shell\AutoRun\command]

"" = P:\Setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]

[2008-10-28 17:07:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Tibia Multi IP Changer

[2008-10-27 18:30:49 | 00,070,369 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\Saint-demon.cam

[2008-10-27 18:02:32 | 00,086,834 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\adsadssda.cam

[2008-10-27 12:49:21 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

[2008-10-24 00:52:26 | 00,000,000 | ---D | C] -- C:\ComboFix

[2008-10-24 00:52:25 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20280.exe

[2008-10-24 00:44:14 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2008-10-24 00:44:10 | 00,261,920 | ---- | C] () -- C:\cmldr

[2008-10-24 00:44:06 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2008-10-24 00:42:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2008-10-24 00:42:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2008-10-24 00:42:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2008-10-24 00:42:01 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008-10-24 00:42:01 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2008-10-24 00:42:01 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008-10-24 00:42:01 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008-10-24 00:42:01 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008-10-24 00:42:01 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2008-10-24 00:41:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2008-10-24 00:41:55 | 00,000,000 | ---D | C] -- C:\Qoobox

[2008-10-24 00:41:54 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18220.exe

[2008-10-24 00:40:21 | 02,995,152 | R--- | C] () -- C:\Documents and Settings\Otávio\Desktop\ComboFix.exe

[2008-10-23 19:09:32 | 00,105,501 | RHS- | C] () -- C:\xih9.cmd

[2008-10-23 19:08:49 | 00,105,018 | RHS- | C] () -- C:\xlk9.com

[2008-10-23 15:18:33 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\ÒAKEÒAKEÒKA.cam

[2008-10-20 12:40:24 | 00,106,249 | RHS- | C] () -- C:\2fiji.com

[2008-10-19 16:28:48 | 00,025,235 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\clown'er down.cam

[2008-10-18 15:08:03 | 00,462,517 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 2.cam

[2008-10-18 13:26:15 | 00,605,442 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 1.cam

[2008-10-16 13:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\SSScanAppDataDir

[2008-10-16 13:29:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MSScanAppDataDir

[2008-10-16 03:33:38 | 00,105,198 | RHS- | C] () -- C:\9.cmd

[2008-10-15 21:10:43 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Atalho para mc831.lnk

[2008-10-15 20:00:41 | 00,059,977 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Btt.cam

[2008-10-13 21:09:38 | 18,075,648 | ---- | C] () -- C:\eav_nt32_ptb.msi

[2008-10-13 16:27:02 | 00,094,535 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\lol.cam

[2008-10-13 14:04:27 | 00,104,628 | RHS- | C] () -- C:\68.exe

[2008-10-10 20:30:28 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\TibiaBot NG.lnk

[2008-10-10 20:30:25 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBotNG

[2008-10-10 20:29:43 | 03,634,841 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.1.exe

[2008-10-10 17:51:18 | 00,069,359 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\demonzitos.cam

[2008-10-10 00:49:47 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBR Cam Pro

[2008-10-10 00:48:59 | 01,727,138 | ---- | C] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamPro-1.7.exe

[2008-10-06 19:44:09 | 01,204,434 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.1.exe

[2008-10-05 00:48:30 | 01,204,006 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.exe

[2008-10-04 14:10:08 | 00,923,145 | ---- | C] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamLite-1.7.exe

[2008-10-02 22:41:15 | 00,735,049 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\clonagem.swf

[2008-10-02 18:51:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Valve

[2008-10-02 18:34:20 | 00,001,684 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\sXe Injected.lnk

[2008-10-02 18:30:23 | 00,001,679 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Counter Strike 1.6 Non Steam.lnk

[2008-10-02 18:30:23 | 00,001,659 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Dedicated Server.lnk

[2008-10-02 18:29:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Desktop\Patch v23 - CS Online

[2008-10-02 18:26:22 | 23,837,581 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Patch v23 - CS Online.zip

[2008-10-02 13:42:16 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBot NG8.30

[2008-10-02 13:40:20 | 03,643,563 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.0.exe

[2008-10-01 20:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\Tibia8.22

[2008-10-01 20:33:34 | 18,803,256 | ---- | C] (CipSoft GmbH ) -- C:\Documents and Settings\Otávio\Desktop\tibia822.exe

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]

[43 C:\WINDOWS\System32\*.tmp files]

[2008-10-29 12:51:46 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008-10-29 12:50:18 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-10-29 12:49:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-10-29 12:49:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-10-29 12:49:26 | 53,620,3264 | -HS- | M] () -- C:\hiberfil.sys

[2008-10-29 11:32:02 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

[2008-10-29 00:45:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008-10-28 23:58:15 | 00,040,448 | -HS- | M] () -- C:\Documents and Settings\Otávio\Desktop\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Otávio\Desktop\Thumbs.db:encryptable

[2008-10-28 18:45:31 | 03,178,796 | -H-- | M] () -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\IconCache.db

[2008-10-27 21:48:40 | 00,105,501 | RHS- | M] () -- C:\xih9.cmd

[2008-10-27 18:30:49 | 00,070,369 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\Saint-demon.cam

[2008-10-27 18:02:32 | 00,086,834 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\adsadssda.cam

[2008-10-27 12:49:23 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

[2008-10-26 18:00:00 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job

[2008-10-24 00:52:19 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20280.exe

[2008-10-24 00:44:14 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2008-10-24 00:41:49 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18220.exe

[2008-10-24 00:40:49 | 02,995,152 | R--- | M] () -- C:\Documents and Settings\Otávio\Desktop\ComboFix.exe

[2008-10-23 15:18:33 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\ÒAKEÒAKEÒKA.cam

[2008-10-22 06:14:32 | 00,105,018 | RHS- | M] () -- C:\xlk9.com

[2008-10-21 11:58:27 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-20 11:56:38 | 00,106,249 | RHS- | M] () -- C:\2fiji.com

[2008-10-19 16:28:48 | 00,025,235 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\clown'er down.cam

[2008-10-19 06:58:20 | 00,000,931 | ---- | M] () -- C:\WINDOWS\win.ini

[2008-10-18 15:08:03 | 00,462,517 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 2.cam

[2008-10-18 13:26:15 | 00,605,442 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 1.cam

[2008-10-17 12:39:25 | 00,016,896 | -HS- | M] () -- C:\WINDOWS\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

[2008-10-16 11:28:23 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-10-16 03:35:12 | 00,105,198 | RHS- | M] () -- C:\9.cmd

[2008-10-15 21:10:43 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Atalho para mc831.lnk

[2008-10-15 20:00:41 | 00,059,977 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Btt.cam

[2008-10-15 13:59:29 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008-10-15 13:59:29 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-15 12:35:41 | 00,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-10-13 22:43:02 | 00,009,728 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable

[2008-10-13 21:09:39 | 18,075,648 | ---- | M] () -- C:\eav_nt32_ptb.msi

[2008-10-13 16:27:03 | 00,094,535 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\lol.cam

[2008-10-13 14:05:25 | 00,104,628 | RHS- | M] () -- C:\68.exe

[2008-10-10 20:30:28 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\TibiaBot NG.lnk

[2008-10-10 20:30:09 | 03,634,841 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.1.exe

[2008-10-10 17:51:18 | 00,069,359 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\demonzitos.cam

[2008-10-10 00:49:24 | 01,727,138 | ---- | M] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamPro-1.7.exe

[2008-10-07 16:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-10-06 19:44:30 | 00,000,663 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\ElfBot NG.lnk

[2008-10-06 19:44:18 | 01,204,434 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.1.exe

[2008-10-06 00:18:55 | 00,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk

[2008-10-05 00:48:37 | 01,204,006 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.exe

[2008-10-04 14:10:19 | 00,923,145 | ---- | M] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamLite-1.7.exe

[2008-10-03 14:26:01 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2008-10-03 14:26:01 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2008-10-02 22:41:19 | 00,735,049 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\clonagem.swf

[2008-10-02 18:57:03 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Counter Strike 1.6 Non Steam.lnk

[2008-10-02 18:57:03 | 00,001,659 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Dedicated Server.lnk

[2008-10-02 18:34:20 | 00,001,684 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\sXe Injected.lnk

[2008-10-02 18:29:28 | 23,837,581 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Patch v23 - CS Online.zip

[2008-10-02 13:40:48 | 03,643,563 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.0.exe

[2008-10-01 20:36:32 | 18,803,256 | ---- | M] (CipSoft GmbH ) -- C:\Documents and Settings\Otávio\Desktop\tibia822.exe

< End of report >


Hello

Download OTMoveIt3 by OldTimer and save it to your desktop.

Double-click the icon [otmi3desktopicon.png] on your desktop.

Copy the text inside the "Code" box below and paste it into the area below [pasteline.png]:


:processes
explorer.exe
:files
C:\WINDOWS\system32\ckvo.exe
C:\xih9.cmd
C:\xlk9.com
:commands
[EmptyTemp]
[Reboot]

Now click the [btnmoveit.png] button.

If a prompt to restart the computer appears, do so.

In your next reply, copy and paste the entire contents of [results.png].

If the computer restarted and you were unable to copy the results, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter. Browse to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.


========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\system32\ckvo.exe not found.

C:\xih9.cmd moved successfully.

C:\xlk9.com moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_624.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

FireFox cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_125339

Files moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_624.dat not found!

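A way to cross-check the result log against the fix script posted earlier in the thread, so that targets reported as not found or deferred to reboot are not mistaken for removed ones. This is an added example, not part of any post and not OTMoveIt3's own code; the function names and status labels are assumptions, and the inputs are sample data constructed from lines quoted in the thread.

```python
import re

# Constructed inputs: the fix script and a subset of the result lines quoted in this thread.
FIX_SCRIPT = r"""
:processes
explorer.exe
:files
C:\WINDOWS\system32\ckvo.exe
C:\xih9.cmd
C:\xlk9.com
:commands
[EmptyTemp]
[Reboot]
"""

RESULT_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\ckvo.exe not found.
C:\xih9.cmd moved successfully.
C:\xlk9.com moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
"""

# Result-line shapes taken from the log above; any other line is ignored.
PATTERNS = [
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("pending_reboot", re.compile(
        r"^File (?:move|delete) failed\. (.+) scheduled to be (?:moved|deleted) on reboot\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]

def parse_script(text):
    """Split a fix script into {section: [entries]} using the ':section' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_results(text):
    """Map each path mentioned in the result log (lower-cased) to its outcome."""
    outcomes = {}
    for line in (l.strip() for l in text.splitlines()):
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[match.group(1).lower()] = status
                break
    return outcomes

def reconcile(script_text, log_text):
    """Return (path, status) for every ':files' target, in script order."""
    outcomes = parse_results(log_text)
    targets = parse_script(script_text).get("files", [])
    return [(p, outcomes.get(p.lower(), "missing_from_log")) for p in targets]

def needs_follow_up(report):
    """Targets not confirmed moved: verify by hand before calling the host clean."""
    return [path for path, status in report if status != "moved"]

if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, RESULT_LOG):
        print(f"{status:16} {path}")
```

A `not_found` result only says the path did not exist when the tool ran; it does not show whether the file was removed earlier or was never present under that name.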

Logfile of HijackThis v1.99.1

Scan saved at 17:36, on 2008-11-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIVOS DE PROGRAMAS\Tibia\tibia.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIVOS DE PROGRAMAS\Ventrilo\Ventrilo.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orkut.com/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LightStart] D:\STFLASH.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14C44F00-632A-4E35-85AA-945EBE5C3DB5}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version, Java Runtime Environment (JRE) 6 Update 10, and save it to your desktop.
  • Scroll to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and tick the box: "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item with Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this: [javaicon.jpg]
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary until you have removed all old versions of Java on your PC.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u10-windows-i586-p.exe (on your desktop) to install the new, more secure version of Java.

Other than that, your log is clean.

Download OTCleanIt by OldTimer.

  • Save it to your desktop.
  • Double-click the icon [otcleanitdesktopicon.png].
  • Click the "Cleanup" button [8gehxg0.gif].
  • Allow your computer to be restarted.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Turn System Restore off and then back on.
  • Use an alternative, more secure browser: Firefox or Opera.
  • Use a firewall. It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the status of your programs with regard to updates.
  • Keep your programs properly updated.
    Being up to date is being safe.

Some extra utilities that can increase your computer's protection:

  • IE/Spyad: IE/Spyad adds more than 4000 websites and domains to IE's restricted list.
  • MVPS Hosts: MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar: the Google toolbar prevents pop-ups.

It was a pleasure to help.
