OtavioFFC

Please analyze my log!


Logfile of HijackThis v1.99.1

Scan saved at 03:07:24, on 18/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIVOS DE PROGRAMAS\Teamspeak2_RC2\TeamSpeak.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orkut.com/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [LightStart] D:\STFLASH.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14C44F00-632A-4E35-85AA-945EBE5C3DB5}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Hello,

Sorry for the delay.

Please run HijackThis again and paste a new, updated log.

Thank you


Logfile of HijackThis v1.99.1

Scan saved at 13:04:32, on 23/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\ARQUIVOS DE PROGRAMAS\Tibia\Tibia.exe

C:\ARQUIVOS DE PROGRAMAS\Teamspeak2_RC2\TeamSpeak.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\ARQUIVOS DE PROGRAMAS\Windows Media Player\wmplayer.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orkut.com/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [LightStart] D:\STFLASH.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14C44F00-632A-4E35-85AA-945EBE5C3DB5}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Hello,

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) described below.

  3. Double-click the icon that is on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP should install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "Yes" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to stall.

  8. A warning may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts will not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, and for that reason, and also out of respect for the tool's author, do not use it without supervision.

Regards


OK, I tried to run ComboFix. I installed the Recovery Console, and when it is about to do the scan the PC restarts ;/


I can't restart in safe mode. I press F8 and select safe mode, but Windows doesn't start.


I ran SafeBootKeyRepair and then tried to restart in safe mode; Windows still doesn't start...


Hello,

Download OTListIt and save it to the desktop.

  • Double-click the tool's icon on your desktop.
  • Click Run Scan and let the tool run.
  • When the tool finishes the scan, it will generate two text files:
    • OTViewIt.Txt <- will be opened automatically in Notepad
    • Extras.txt <- will be on the desktop
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of OTViewIt.Txt and Extras.txt into your next reply.

Regards


The logs are below.

Edited by OtavioFFC


OTListIt Extras logfile created on: 2008-10-29 12:52:21 - Run 2

OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

511.29 Mb Total Physical Memory | 185.36 Mb Available Physical Memory | 36.25% Memory free

1.19 Gb Paging File | 0.87 Gb Available in Paging File | 72.88% Paging File free

Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74.53 Gb Total Space | 7.14 Gb Free Space | 9.58% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CAYRES

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2006-10-10 09:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

File not found -- D:\setup.exe:*:Enabled:setup

[2005-10-13 13:03:32 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistente para transferência de arquivos e configurações

[2005-10-13 13:02:12 | 01,298,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool

[2005-09-29 22:42:57 | 00,081,920 | ---- | M] (Valve) -- C:\ARQUIVOS DE PROGRAMAS\Valve\hl.exe:*:Enabled:Half-Life Launcher

[2004-10-13 13:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2008-08-23 02:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

[2006-09-29 23:00:14 | 00,043,520 | ---- | M] () -- C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[2005-09-29 22:47:25 | 00,397,312 | ---- | M] (Valve) -- C:\ARQUIVOS DE PROGRAMAS\Valve\hlds.exe:*:Enabled:HLDS Launcher

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\Meus arquivos recebidos\GuSTop\GuSTop.exe:*:Disabled:GuSTop

[2008-06-18 15:46:56 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\ARQUIVOS DE PROGRAMAS\LimeWire\LimeWire.exe:*:Disabled:LimeWire

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\TibiCam_8.0\TibiCam\TibiCAM.exe:*:Enabled:TibiCAM

File not found -- D:\Jogos\chess\Chess.exe:*:Enabled:MI Chess 3.0

[2006-10-10 09:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\tibicam_8.1\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

File not found -- C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE

[2008-08-27 20:55:08 | 00,188,416 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\Acclaim\2moons\crashreporter.exe:*:Disabled:crashreporter

[2008-10-26 20:56:25 | 00,393,216 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\Acclaim\2moons\minilauncher.exe:*:Enabled:2MOONS Bad Moon Rising

File not found -- C:\ARQUIVOS DE PROGRAMAS\DreMule\emule.exe:*:Disabled:Dreamule

[2008-10-01 13:15:39 | 02,347,008 | ---- | M] (CipSoft GmbH) -- C:\ARQUIVOS DE PROGRAMAS\Tibia\Tibia.exe:*:Enabled:Tibia Player

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\Tibia81\Tibia.exe:*:Enabled:Tibia Player

File not found -- C:\Documents and Settings\José Antonio\Meus documentos\# Otávio\tibicam_8.21\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

[2007-06-27 00:59:00 | 00,647,168 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\tibicam_8.21\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

[2007-06-27 00:59:00 | 00,647,168 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\tibicam_8.22\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM

[2008-09-10 21:55:09 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager

[2008-10-01 01:39:08 | 01,470,464 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core

[2008-08-06 12:16:52 | 02,330,624 | ---- | M] (CipSoft GmbH) -- C:\Documents and Settings\Otávio\Meus documentos\Tibia8.22\Tibia.exe:*:Enabled:Tibia Player

[2007-10-18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-08-11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\ARQUIVOS DE PROGRAMAS\Skype\Phone\Skype.exe:*:Enabled:Skype

[2008-10-20 21:24:46 | 03,780,608 | ---- | M] () -- C:\Documents and Settings\Otávio\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi

"{0B83E00B-DEE3-44F8-97F9-0E75550EAA7D}" = OpenOffice.org 2.0

"{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-0416-1E257A25E34D}" = Adobe Photoshop CS2

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A417047-2E30-4D05-8977-F706D40BFF39}" = Windows Live installer

"{3B1433E1-8355-456F-9FED-CC9DE9FCFE31}" = Microsoft Reader

"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{60844F16-2659-45BB-BF8A-C5B390D4F397}" = Bloqueador de Pop-ups (Windows Live Toolbar)

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{688E07FE-9832-4FB9-8666-FB198D86ADC6}" = 2MOONS

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{6A6B10FE-3A8C-48B8-AF8A-274BA6889734}" = Barra de Ferramentas do Outlook do Windows Live (Windows Live Toolbar)

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FEE62BC-67E3-4083-BEE2-3C33A487F85C}" = Windows Live Toolbar

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{755EC643-E622-4BB6-9DC6-C19439AB5577}" = MICRO webcam

"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites para Windows Live Toolbar

"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B73D22F-B1FA-447B-948D-D706616C3773}" = Detector de Feed do Windows Live Toolbar (Windows Live Toolbar)

"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{85A43AFC-4E08-41F3-AA13-453658FEE6C8}" = MPEG2 CODEC

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{88902514-B65F-4093-AF94-8DA7B41DCCD8}" = Extensão do Windows Live Toolbar (Windows Live Toolbar)

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}" = Windows Live Messenger

"{8EDBA74D-0686-4C99-BFDD-F894678E5103}" = Adobe Common File Installer

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{934F3C42-83E5-49EB-81C6-C22F9BB6E9B7}" = Motorola Phone Tools

"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{9D57C4FB-39C1-4EC3-9386-845FD08453D5}" = Menus Inteligentes (Windows Live Toolbar)

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5 Tryout

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2

"{AC76BA86-7AD7-1046-7B44-A70000000000}" = Adobe Reader 7.0 - Português

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{AF9B8ED2-BC1A-4673-9519-3FDD5C54D71A}" = OneCare Advisor (Windows Live Toolbar)

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistente de Conexão do Windows Live

"{B12372D0-1BAF-4D9D-9B4D-9F649B6FC554}" = Navegação com Guias (Windows Live Toolbar)

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2

"{CC9EBB96-C2A8-4F73-A76F-71D423F5D9E5}" = Disney

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Software Kodak EasyShare

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools

"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera

"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0416-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player

"avast!" = avast! Antivirus

"BitTorrent" = BitTorrent 4.24.0

"BraZip" = BraZip 9.0

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem

"Combat Arms" = Combat Arms

"Conexant USB Network" = ADSL USB Modem Network Adapter

"CoolSMS_is1" = CoolSMS 1.84

"Discador Turbo_is1" = LightDialer 3.0

"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition

"EAX Unified (SHELL)" = EAX Unified (SHELL)

"ElfBot NG_is1" = ElfBot NG 3.5.1

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50

"FlashGet(JetCar)" = FlashGet(JetCar)

"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 3.2

"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5

"Frets on Fire" = Frets On Fire

"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker

"GOM Player" = GOM Player

"HijackThis" = HijackThis 1.99.1

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{755EC643-E622-4BB6-9DC6-C19439AB5577}" = MICRO webcam

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full

"LimeWire" = LimeWire 4.18.3

"Manual de Instalação_is1" = Manual de Instalação 3.0

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MV RegClean 3.9_is1" = MV RegClean 3.9

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Oldblivion" = Oldblivion

"Programador de Modem_is1" = LightModem 3.0

"RealAlt_is1" = Real Alternative 1.7.5

"RivaTuner" = RivaTuner v2.08

"Shockwave" = Shockwave

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"sXe_Injected" = sXe Injected

"SystemRequirementsLab" = System Requirements Lab

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Tibia Auto" = NSIS Example2

"Tibia_is1" = Tibia

"TibiaBot NG_is1" = TibiaBot NG 4.8.1

"TibiaBR Cam Lite_is1" = TibiaBR Cam Lite 1.7

"TibiaBR Cam Pro_is1" = TibiaBR Cam Pro 1.7

"TMIPC" = Tibia MULTI-ip changer

"Uninstall_is1" = Uninstall 1.0.0.0

"VobSub" = VobSub v2.23 (Remove Only)

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WinAVIVideoConverter_is1" = WinAVIVideoConverter

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = Arquivo do WinRAR

"Wisdom-soft AutoScreenRecorder 2.0 Free" = Wisdom-soft AutoScreenRecorder 2.0 Free

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Barra de Ferramentas do Yahoo! com bloqueador de pop-up

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"3D Hockey" = 3D Hockey

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 2008-07-10 00:21:35 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

G:\meus docs\Oficina de ceramica - Tres Lagoas\Ceramica 21-06-08\S3010018.JPG failed,

0000001E.

Error - 2008-08-23 21:31:39 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-24 18:15:16 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-24 18:15:44 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-24 18:16:35 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:21:48 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:23:10 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:24:03 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:24:10 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

Error - 2008-08-25 00:24:13 | Computer Name = CAYRES | Source = avast! | ID = 33554522

Description = Error in library avUInt: ActiveSkin not installed or not registered

properly.

[ Application Events ]

Error - 2008-10-11 23:02:07 | Computer Name = CAYRES | Source = Application Hang | ID = 1002

Description = Aplicativo com falha msnmsgr.exe, versão 8.5.1302.1018, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 2008-10-13 16:04:12 | Computer Name = CAYRES | Source = Application Hang | ID = 1002

Description = Aplicativo com falha wmplayer.exe, versão 11.0.5721.5145, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 2008-10-13 16:26:45 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.3156, módulo com

falha ntdll.dll, versão 5.1.2600.2180, endereço com falha 0x00013396.

Error - 2008-10-13 16:45:24 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-13 16:54:23 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-13 18:28:30 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-13 19:32:47 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-15 04:59:05 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-15 11:37:09 | Computer Name = CAYRES | Source = Application Error | ID = 1000

Description = Aplicativo com falha sxe injected.exe, versão 6.9.0.0, módulo com

falha sxe injected.exe, versão 6.9.0.0, endereço com falha 0x00001d6b.

Error - 2008-10-15 11:37:54 | Computer Name = CAYRES | Source = Application Hang | ID = 1002

Description = Aplicativo com falha TeaTimer.exe, versão 1.4.0.2, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]

Error - 2008-10-28 17:58:36 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-28 17:58:36 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

Error - 2008-10-28 17:59:44 | Computer Name = CAYRES | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 2008-10-28 18:18:18 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-28 18:18:18 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

Error - 2008-10-29 06:33:49 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-29 06:33:49 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

Error - 2008-10-29 11:49:32 | Computer Name = CAYRES | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 2008-10-29 11:50:03 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

Error - 2008-10-29 11:50:03 | Computer Name = CAYRES | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço npkcrypt devido ao seguinte erro:

%%3

< End of report >


OTListIt logfile created on: 2008-10-29 12:52:21 - Run 2

OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

511.29 Mb Total Physical Memory | 185.36 Mb Available Physical Memory | 36.25% Memory free

1.19 Gb Paging File | 0.87 Gb Available in Paging File | 72.88% Paging File free

Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74.53 Gb Total Space | 7.14 Gb Free Space | 9.58% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CAYRES

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008-07-19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\aswUpdSv.exe

[2008-07-19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashServ.exe

[2008-03-11 08:18:00 | 00,050,984 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\GbPlugin\GbpSv.exe

[2007-06-29 01:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2003-02-04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE

[2008-07-19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashMaiSv.exe

[2008-07-23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashWebSv.exe

[2005-10-13 13:03:39 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2008-07-19 11:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashDisp.exe

[2005-10-13 13:03:28 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2006-09-01 15:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\ARQUIVOS DE PROGRAMAS\QuickTime\qttask.exe

[2008-06-10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\ARQUIVOS DE PROGRAMAS\Java\jre1.6.0_07\bin\jusched.exe

[2007-10-18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe

[2005-05-31 01:04:00 | 01,415,824 | ---- | M] (Safer Networking Limited) -- C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

[2008-07-18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2008-07-18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\usnsvc.exe

[2008-10-27 12:49:23 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2006-10-20 20:17:33 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

[2004-07-15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008-07-19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

[2008-07-19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

[2008-07-19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

[2008-07-23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\ARQUIVOS DE PROGRAMAS\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

File not found -- -- (GbpSv [unknown | Running])

[2007-06-12 19:20:13 | 00,138,168 | ---- | M] (Google) -- C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2004-10-22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2007-06-29 01:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2003-02-04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess [Auto | Running])

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\ARQUIVOS DE PROGRAMAS\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008-07-19 11:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

[2006-03-31 14:38:00 | 03,960,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2008-07-19 11:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

[2008-07-19 11:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

[2008-07-19 11:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

[2008-07-19 11:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

[2008-07-19 11:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2002-10-01 14:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561 [On_Demand | Running])

[2003-03-21 06:10:00 | 00,023,296 | R--- | M] (Conexant) -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan [On_Demand | Stopped])

[2003-03-21 06:10:00 | 00,050,560 | R--- | M] (Conexant) -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb [On_Demand | Stopped])

[2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [boot | Running])

[2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [boot | Running])

[2001-08-17 17:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

[2004-04-14 23:57:20 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])

[2007-03-08 01:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2007-03-08 01:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2007-03-08 01:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2004-09-29 04:35:30 | 00,219,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])

[2004-09-29 04:33:50 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

[2005-09-20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])

[2004-03-17 01:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001-08-17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

[2007-06-18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])

[2007-06-29 01:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2006-11-07 23:01:09 | 00,033,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [system | Running])

[2008-06-26 00:23:35 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2005-10-13 13:01:02 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005-10-26 17:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2008-03-10 05:10:00 | 00,009,088 | ---- | M] () -- C:\ARQUIVOS DE PROGRAMAS\RivaTuner v2.08\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])

[2002-06-10 00:09:08 | 00,031,232 | ---- | M] (Robert Schlabbach) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE [On_Demand | Running])

[2005-10-13 13:22:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Stopped])

[2004-06-03 13:24:52 | 00,167,168 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])

[2007-11-13 07:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2004-03-24 09:22:26 | 00,138,396 | ---- | M] () -- C:\WINDOWS\system32\drivers\pfc027.sys -- (SoC PC-Camera Service [On_Demand | Stopped])

[2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

[2007-06-04 15:58:13 | 00,639,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2004-08-03 20:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UAGP35.SYS -- (uagp35 [boot | Running])

[2003-12-26 02:22:00 | 00,024,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBSER.SYS -- (usbser [On_Demand | Stopped])

[2003-07-02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2005-06-01 18:06:54 | 00,227,712 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped])

[2001-10-18 12:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde [boot | Running])

[2005-08-24 13:34:30 | 00,060,928 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

[2003-11-07 07:07:52 | 00,391,680 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\viasens.sys -- (VIASens [On_Demand | Stopped])

[2003-12-18 19:36:44 | 00,113,024 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio [On_Demand | Stopped])

[2004-08-04 00:37:54 | 00,032,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [system | Stopped])

[2006-11-02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

[2004-09-29 04:34:24 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (322223 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 11341 more lines...

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value does not exist or could not be read. File not found

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\Jccatch.dll (FlashGet)

O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - Reg Error: Value does not exist or could not be read. File not found

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\ARQUIVOS DE PROGRAMAS\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbar4.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\ARQUIVOS DE PROGRAMAS\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll ()

O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\getflash.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbar4.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\ARQUIVOS DE PROGRAMAS\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\fgiebar.dll (Amaze Soft)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value does not exist or could not be read. File not found

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\ARQUIVOS DE PROGRAMAS\Google\GoogleToolbar4.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\ARQUIVOS DE PROGRAMAS\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [LightStart] D:\STFLASH.EXE File not found

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe (sXe Injected)

O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe File not found

O4 - HKCU..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe File not found

O4 - HKCU..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE (LightComm)

O4 - HKCU..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIVOS DE PROGRAMAS\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\ARQUIVOS DE PROGRAMAS\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIVOS DE PROGRAMAS\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIVOS DE PROGRAMAS\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIVOS DE PROGRAMAS\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIVOS DE PROGRAMAS\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: 42 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.my/com/EGamesPlugin.cab (EGamesPlugin Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab (MJLauncherCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} http://www.radarsync.com/RSActiveX.ocx (RSActiveXObj Control)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)

O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key does not exist or could not be opened.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - skype4com - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter: - text/xml - C:\ARQUIVOS DE PROGRAMAS\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginBb: "DllName" = C:\ARQUIV~1\GbPlugin\gbieh.dll -- C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Banco do Brasil)

igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}" (HKLM) -- C:\WINDOWS\Downloaded Program Files\gbiehabn.dll ()

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Banco do Brasil)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2006-02-05 16:33:43 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Automap []

[2008-04-09 13:17:29 00,000,000 | ---D | M] -- C:\Automap -- [ NTFS ]

autorun.inf []

[2008-07-04 23:15:02 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ea3f-a271-11db-b199-00300a268e1f}\Shell\AutoRun\command]

"" = G:\930jn.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ea3f-a271-11db-b199-00300a268e1f}\Shell\explore\Command]

"" = G:\930jn.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ea3f-a271-11db-b199-00300a268e1f}\Shell\open\Command]

"" = G:\930jn.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cac768-7dcc-11d9-8b67-806d6172696f}\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cac768-7dcc-11d9-8b67-806d6172696f}\Shell\AutoRun\command]

"" = D:\Setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5aaf8d-8ae3-11dc-b67a-cccf9fe9f18d}\Shell\AutoRun\command]

"" = G:\2fiji.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5aaf8d-8ae3-11dc-b67a-cccf9fe9f18d}\Shell\explore\Command]

"" = G:\2fiji.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5aaf8d-8ae3-11dc-b67a-cccf9fe9f18d}\Shell\open\Command]

"" = G:\2fiji.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc1e356-5104-11dc-b552-00300a268e1f}\Shell\AutoRun\command]

"" = F:\ka1nk.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc1e356-5104-11dc-b552-00300a268e1f}\Shell\explore\Command]

"" = F:\ka1nk.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc1e356-5104-11dc-b552-00300a268e1f}\Shell\open\Command]

"" = F:\ka1nk.bat -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\Shell\AutoRun\command]

"" = P:\Setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]

[2008-10-28 17:07:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Tibia Multi IP Changer

[2008-10-27 18:30:49 | 00,070,369 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\Saint-demon.cam

[2008-10-27 18:02:32 | 00,086,834 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\adsadssda.cam

[2008-10-27 12:49:21 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

[2008-10-24 00:52:26 | 00,000,000 | ---D | C] -- C:\ComboFix

[2008-10-24 00:52:25 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20280.exe

[2008-10-24 00:44:14 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2008-10-24 00:44:10 | 00,261,920 | ---- | C] () -- C:\cmldr

[2008-10-24 00:44:06 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2008-10-24 00:42:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2008-10-24 00:42:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2008-10-24 00:42:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2008-10-24 00:42:01 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008-10-24 00:42:01 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2008-10-24 00:42:01 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008-10-24 00:42:01 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008-10-24 00:42:01 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008-10-24 00:42:01 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2008-10-24 00:41:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2008-10-24 00:41:55 | 00,000,000 | ---D | C] -- C:\Qoobox

[2008-10-24 00:41:54 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18220.exe

[2008-10-24 00:40:21 | 02,995,152 | R--- | C] () -- C:\Documents and Settings\Otávio\Desktop\ComboFix.exe

[2008-10-23 19:09:32 | 00,105,501 | RHS- | C] () -- C:\xih9.cmd

[2008-10-23 19:08:49 | 00,105,018 | RHS- | C] () -- C:\xlk9.com

[2008-10-23 15:18:33 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\ÒAKEÒAKEÒKA.cam

[2008-10-20 12:40:24 | 00,106,249 | RHS- | C] () -- C:\2fiji.com

[2008-10-19 16:28:48 | 00,025,235 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\clown'er down.cam

[2008-10-18 15:08:03 | 00,462,517 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 2.cam

[2008-10-18 13:26:15 | 00,605,442 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 1.cam

[2008-10-16 13:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\SSScanAppDataDir

[2008-10-16 13:29:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MSScanAppDataDir

[2008-10-16 03:33:38 | 00,105,198 | RHS- | C] () -- C:\9.cmd

[2008-10-15 21:10:43 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Atalho para mc831.lnk

[2008-10-15 20:00:41 | 00,059,977 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Btt.cam

[2008-10-13 21:09:38 | 18,075,648 | ---- | C] () -- C:\eav_nt32_ptb.msi

[2008-10-13 16:27:02 | 00,094,535 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\lol.cam

[2008-10-13 14:04:27 | 00,104,628 | RHS- | C] () -- C:\68.exe

[2008-10-10 20:30:28 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\TibiaBot NG.lnk

[2008-10-10 20:30:25 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBotNG

[2008-10-10 20:29:43 | 03,634,841 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.1.exe

[2008-10-10 17:51:18 | 00,069,359 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\demonzitos.cam

[2008-10-10 00:49:47 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBR Cam Pro

[2008-10-10 00:48:59 | 01,727,138 | ---- | C] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamPro-1.7.exe

[2008-10-06 19:44:09 | 01,204,434 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.1.exe

[2008-10-05 00:48:30 | 01,204,006 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.exe

[2008-10-04 14:10:08 | 00,923,145 | ---- | C] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamLite-1.7.exe

[2008-10-02 22:41:15 | 00,735,049 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\clonagem.swf

[2008-10-02 18:51:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Valve

[2008-10-02 18:34:20 | 00,001,684 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\sXe Injected.lnk

[2008-10-02 18:30:23 | 00,001,679 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Counter Strike 1.6 Non Steam.lnk

[2008-10-02 18:30:23 | 00,001,659 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Dedicated Server.lnk

[2008-10-02 18:29:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Desktop\Patch v23 - CS Online

[2008-10-02 18:26:22 | 23,837,581 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Patch v23 - CS Online.zip

[2008-10-02 13:42:16 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBot NG8.30

[2008-10-02 13:40:20 | 03,643,563 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.0.exe

[2008-10-01 20:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\Tibia8.22

[2008-10-01 20:33:34 | 18,803,256 | ---- | C] (CipSoft GmbH ) -- C:\Documents and Settings\Otávio\Desktop\tibia822.exe

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]

[43 C:\WINDOWS\System32\*.tmp files]

[2008-10-29 12:51:46 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008-10-29 12:50:18 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-10-29 12:49:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-10-29 12:49:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-10-29 12:49:26 | 53,620,3264 | -HS- | M] () -- C:\hiberfil.sys

[2008-10-29 11:32:02 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

[2008-10-29 00:45:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008-10-28 23:58:15 | 00,040,448 | -HS- | M] () -- C:\Documents and Settings\Otávio\Desktop\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Otávio\Desktop\Thumbs.db:encryptable

[2008-10-28 18:45:31 | 03,178,796 | -H-- | M] () -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\IconCache.db

[2008-10-27 21:48:40 | 00,105,501 | RHS- | M] () -- C:\xih9.cmd

[2008-10-27 18:30:49 | 00,070,369 | ---- | M] () -- C:\Documents and Settings\Otávio\Meus documentos\Saint-demon.cam

[2008-10-27 18:02:32 | 00,086,834 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\adsadssda.cam

[2008-10-27 12:49:23 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

[2008-10-26 18:00:00 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job

[2008-10-24 00:52:19 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20280.exe

[2008-10-24 00:44:14 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2008-10-24 00:41:49 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18220.exe

[2008-10-24 00:40:49 | 02,995,152 | R--- | M] () -- C:\Documents and Settings\Otávio\Desktop\ComboFix.exe

[2008-10-23 15:18:33 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\ÒAKEÒAKEÒKA.cam

[2008-10-22 06:14:32 | 00,105,018 | RHS- | M] () -- C:\xlk9.com

[2008-10-21 11:58:27 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-20 11:56:38 | 00,106,249 | RHS- | M] () -- C:\2fiji.com

[2008-10-19 16:28:48 | 00,025,235 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\clown'er down.cam

[2008-10-19 06:58:20 | 00,000,931 | ---- | M] () -- C:\WINDOWS\win.ini

[2008-10-18 15:08:03 | 00,462,517 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 2.cam

[2008-10-18 13:26:15 | 00,605,442 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Poi parte 1.cam

[2008-10-17 12:39:25 | 00,016,896 | -HS- | M] () -- C:\WINDOWS\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

[2008-10-16 11:28:23 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-10-16 03:35:12 | 00,105,198 | RHS- | M] () -- C:\9.cmd

[2008-10-15 21:10:43 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Atalho para mc831.lnk

[2008-10-15 20:00:41 | 00,059,977 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Btt.cam

[2008-10-15 13:59:29 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008-10-15 13:59:29 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-15 12:35:41 | 00,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-10-13 22:43:02 | 00,009,728 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable

[2008-10-13 21:09:39 | 18,075,648 | ---- | M] () -- C:\eav_nt32_ptb.msi

[2008-10-13 16:27:03 | 00,094,535 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\lol.cam

[2008-10-13 14:05:25 | 00,104,628 | RHS- | M] () -- C:\68.exe

[2008-10-10 20:30:28 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\TibiaBot NG.lnk

[2008-10-10 20:30:09 | 03,634,841 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.1.exe

[2008-10-10 17:51:18 | 00,069,359 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\demonzitos.cam

[2008-10-10 00:49:24 | 01,727,138 | ---- | M] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamPro-1.7.exe

[2008-10-07 16:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-10-06 19:44:30 | 00,000,663 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\ElfBot NG.lnk

[2008-10-06 19:44:18 | 01,204,434 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.1.exe

[2008-10-06 00:18:55 | 00,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk

[2008-10-05 00:48:37 | 01,204,006 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.exe

[2008-10-04 14:10:19 | 00,923,145 | ---- | M] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamLite-1.7.exe

[2008-10-03 14:26:01 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2008-10-03 14:26:01 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2008-10-02 22:41:19 | 00,735,049 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\clonagem.swf

[2008-10-02 18:57:03 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Counter Strike 1.6 Non Steam.lnk

[2008-10-02 18:57:03 | 00,001,659 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Dedicated Server.lnk

[2008-10-02 18:34:20 | 00,001,684 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\sXe Injected.lnk

[2008-10-02 18:29:28 | 23,837,581 | ---- | M] () -- C:\Documents and Settings\Otávio\Desktop\Patch v23 - CS Online.zip

[2008-10-02 13:40:48 | 03,643,563 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.8.0.exe

[2008-10-01 20:36:32 | 18,803,256 | ---- | M] (CipSoft GmbH ) -- C:\Documents and Settings\Otávio\Desktop\tibia822.exe

< End of report >


Hello

Download OTMoveIt3 by OldTimer and save it to your desktop.

Double-click the otmi3desktopicon.png icon on your desktop.

Copy the text inside the "Code" box below and paste it into the area under pasteline.png:


:processes
explorer.exe
:files
C:\WINDOWS\system32\ckvo.exe
C:\xih9.cmd
C:\xlk9.com
:commands
[EmptyTemp]
[Reboot]

Now click the btnmoveit.png button.

If you are prompted to restart the computer, do so.

In your next reply, copy and paste the entire contents of results.png

If the computer restarted and you were unable to copy the results, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter; browse to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.
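
An added example, not part of the original post and not code from OldTimer's tools: the two root-level files named in the fix script appear in the OTListIt listing earlier in this thread as executable-type files in C:\ with hidden and system attributes and an empty company field. The Python below parses that listing format and flags entries with the same profile; the sample lines are copied from the listing, while the heuristic, the function names and the extension set are assumptions of this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the "Files - Modified Within 30 Days" listing in this thread.
SAMPLE_LISTING = r"""
[1 C:\*.tmp files]
[2008-10-29 12:49:26 | 53,620,3264 | -HS- | M] () -- C:\hiberfil.sys
[2008-10-28 23:58:15 | 00,040,448 | -HS- | M] () -- C:\Documents and Settings\Otávio\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Otávio\Desktop\Thumbs.db:encryptable
[2008-10-27 21:48:40 | 00,105,501 | RHS- | M] () -- C:\xih9.cmd
[2008-10-27 12:49:23 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe
[2008-10-24 00:44:14 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008-10-22 06:14:32 | 00,105,018 | RHS- | M] () -- C:\xlk9.com
[2008-10-20 11:56:38 | 00,106,249 | RHS- | M] () -- C:\2fiji.com
[2008-10-16 03:35:12 | 00,105,198 | RHS- | M] () -- C:\9.cmd
[2008-10-13 21:09:39 | 18,075,648 | ---- | M] () -- C:\eav_nt32_ptb.msi
[2008-10-13 14:05:25 | 00,104,628 | RHS- | M] () -- C:\68.exe
[2008-10-07 16:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
"""

# [timestamp | size | attributes | C or M] (company) -- path
# The "(company)" field is absent on directory entries.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption of this example: extensions Windows XP runs directly.
EXECUTABLE_EXTS = {".exe", ".com", ".cmd", ".bat", ".scr", ".pif"}


class Entry(NamedTuple):
    timestamp: str
    size: int
    attrs: str    # four flags in R, H, S, D order; "-" where unset
    kind: str     # "C" = created, "M" = modified
    company: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; summary and ADS lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # The tool's digit grouping is irregular, so drop commas rather than trust it.
    size = int(m["size"].replace(",", ""))
    company = (m["company"] or "").strip()
    return Entry(m["ts"], size, m["attrs"], m["kind"], company, m["path"])


def is_review_candidate(e: Entry) -> bool:
    """Hidden+system executable sitting directly in a drive root, no company name.

    A match is a lead for manual review, not a verdict.
    """
    _, rest = ntpath.splitdrive(e.path)
    in_drive_root = rest.count("\\") == 1
    ext = ntpath.splitext(e.path)[1].lower()
    hidden_system = "H" in e.attrs and "S" in e.attrs
    return in_drive_root and hidden_system and ext in EXECUTABLE_EXTS and not e.company


def triage(listing: str) -> List[Entry]:
    entries = (parse_line(line) for line in listing.splitlines())
    return [e for e in entries if e is not None and is_review_candidate(e)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LISTING):
        print(f"{e.timestamp}  {e.size:>9}  {e.attrs}  {e.path}")
```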


========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\system32\ckvo.exe not found.

C:\xih9.cmd moved successfully.

C:\xlk9.com moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_624.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

FireFox cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_125339

Files moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_624.dat not found!


Logfile of HijackThis v1.99.1

Scan saved at 17:36, on 2008-11-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIVOS DE PROGRAMAS\Tibia\tibia.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIVOS DE PROGRAMAS\Ventrilo\Ventrilo.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.positivoinformatica.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orkut.com/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LightStart] D:\STFLASH.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sXe Injected] C:\ARQUIVOS DE PROGRAMAS\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\ARQUIVOS DE PROGRAMAS\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightDialer] C:\ARQUIVOS DE PROGRAMAS\Turbo\Discador Turbo\DISCADOR.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magrela5.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://yahoo.atrativa.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14C44F00-632A-4E35-85AA-945EBE5C3DB5}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of the Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
  • Scroll to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and check the box: "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close all the programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item that has Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this one: javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary until you have removed every old version of Java on your PC.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u10-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

Other than that, your log is clean.

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the otcleanitdesktopicon.png icon
  • Click the "Cleanup" button 8gehxg0.gif
  • Allow your computer to be restarted.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Turn System Restore off and then on again
  • Use an alternative, more secure browser: firefox-spread-btn-1b.png or Opera_logo1.gif
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date means being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds more than 4000 websites and domains to IE's restricted list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google toolbar prevents pop-ups.

It was a pleasure to help


If the topic's author needs it, the topic will be reopened; to request this, the author should contact the moderation team and ask for it to be unlocked.
