Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
SAKAMOTO carlos

Analise meu log file

Recommended Posts

:( Gostaria de pedir a ajude de vocês, Meu computador windows XP SP3 está tendo problemas com o messenger e não consigo fazer transações bancarias pois o banco não consegui identificar meu computador. Fiz todos os procedimentos possiveis. Reinstalei e restaurei o sistema e o problema persiste, usei o revo uninstaler bem como o clean up, e mesmo assim continuo com problemas nos dois casos.Creio que seja virus, mas de toda forma gostaria que vocês pudessem verificar o meu log e me indicar quais os procedimentos possiveis.

Logfile of HijackThis v1.99.1

Scan saved at 08:31:02, on 23/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe

C:\Arquivos de programas\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

G:\combo fix\hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carlos/Simone/Emily

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexao do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: GooglePreviewIE Toolbar Helper - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: GooglePreviewIE Toolbar - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [CASpeed] "C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe" /HIDE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Atomic Alarm Clock\AtomicAlarmClock.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215958479000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logicool\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Sakamoto\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro SAKAMOTO carlos

Bem vindo à Remoção de Malware

Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-la novamente.

Atente para o seguinte, por favor:

1) Estarei acompanhado os procedimentos de análise de seu log, retornarei tão logo que seja possível!;

2) Não tome nenhum procedimento até começarmos;

3) O que será passado aqui somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;

4) Caso tenha outro computador abra um novo tópico com seu respectivo log;

5) Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;

6) Sempre coloque suas respostas neste tópico... Não abra outro!

Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro SAKAMOTO carlos

>>> Por favor, me responda: você chegou a executar o ComboFix?

# Etapa nº 1 #

O seu programa HijackThis está sendo executado a partir duma localização não recomendável e assim os backups que fizermos não estarão seguros.

Antes de iniciarmos a resolução dos problemas do seu PC, necessitamos de corrigir a localização do HijackThis; por favor, faça o seguinte:

  • Clique com o botão direito do mouse numa área vazia do seu desktop (área de trabalho).
  • Escolha Nova -> Pasta -> escreva HJT e dê o Enter.
  • Agora clique direito do mouse em HijackThis.exe, escolha -> recortar
  • Clique direito do mouse numa área vazia e escolha colar.
  • Agora, clique direito do mouse pasta HJT e escolha -> recortar.
  • Clique em -> Iniciar -> O Meu Computador -> clique direito do mouse em -> Disco Local (normalmente C:\) -> Explorar.
  • Clique direito do mouse numa área vazia e escolha colar.

# Etapa nº 2 #
  • Faça o download do RSIT - random's system information tool by random/random e salve no seu desktop.
  • Duplo clique em RSIT.exe para a ferramenta ser executada.
  • Na janela que abrir (disclamer), clique em Continue.
  • Quando a ferramenta terminar de rodar, abrirá um documento do Bloco de Notas contendo o resultado do scan. Por favor cole o resultado desse log (log.txt) na sua próxima resposta.
  • Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of random's system information tool 1.04 (written by random/random)

Run by Sakamoto at 2008-10-24 20:10:01

Microsoft Windows XP Professional Service Pack 3

System drive C: has 260 GB (85%) free of 305 GB

Total RAM: 2037 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10:02, on 24/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe

C:\Arquivos de programas\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Sakamoto\Meus documentos\Downloads\RSIT.exe

C:\Arquivos de programas\trend micro\Sakamoto.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carlos/Simone/Emily

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexao do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: GooglePreviewIE Toolbar Helper - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: GooglePreviewIE Toolbar - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [CASpeed] "C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe" /HIDE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Atomic Alarm Clock\AtomicAlarmClock.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215958479000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logicool\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Sakamoto\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 12119 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\NeroLiveEpgUpdate-SAKAMOTO-344E36_Sakamoto.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-31 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]

ssh2 Class - C:\Arquivos de programas\Scpad\scpsssh2.dll [2007-12-12 214272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-07 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-10-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexao do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\arquivos de programas\google\googletoolbar2.dll [2008-07-14 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-10 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D476B977-AF6C-481A-8472-2ABAB5E89F20}]

GooglePreviewIE Toolbar Helper - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll [2008-10-11 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-10-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Barra de Ferramentas do Yahoo! - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-19 817936]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\arquivos de programas\google\googletoolbar2.dll [2008-07-14 2403392]

{AEC32322-9D72-4C55-A108-33875F07BC03} - GooglePreviewIE Toolbar - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll [2008-10-11 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVP"=C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-29 218376]

"CASpeed"=C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe [2002-11-22 154624]

"BootSkin Startup Jobs"=C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe [2004-04-26 270336]

"Tim"= []

"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 196096]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"=C:\Arquivos de programas\Atomic Alarm Clock\AtomicAlarmClock.exe [2008-07-27 528896]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 25088]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe [2008-07-23 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

C:\Arquivos de programas\DNA\btdna.exe [2008-08-06 341824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

C:\Arquivos de programas\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

C:\Arquivos de programas\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

C:\Arquivos de programas\Logicool\Qcam\Qcam.exe [2008-08-14 2406160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]

D:\setup.exe /skip_all_checks /p /start /restart /l:enu []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2008-09-09 3513344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

C:\Arquivos de programas\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pepsi Volume Controller 4.0]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE [2008-06-16 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-21 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-25 240112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Arquivos de programas\Skype\Phone\Skype.exe [2008-05-31 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-10-23 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-08-07 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]

C:\Arquivos de programas\Multimedia Combo Set Driver\StartAutorun.exe [2005-12-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]

C:\Arquivos de programas\Multimedia Combo Set Driver\StartAutorun.exe [2005-12-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe [2008-01-11 223984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Logicool Desktop Messenger.lnk]

C:\ARQUIV~1\Logicool\DESKTO~1\8876480\Program\LOGICO~1.EXE [2008-07-13 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

C:\ARQUIV~1\WI459E~1\WINDOW~1.EXE [2008-05-27 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sakamoto^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.4.lnk]

C:\ARQUIV~1\BROFFI~1.4\program\QUICKS~1.EXE [2008-01-22 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sakamoto^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

C:\ARQUIV~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sakamoto^Menu Iniciar^Programas^Inicializar^Thoosje Vista Sidebar.lnk]

C:\ARQUIV~1\THOOSJ~1.3\THOOSJ~1.EXE [2007-10-22 524288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2007-06-29 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe"="C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Arquivos de programas\Internet Explorer\iexplore.exe"="C:\Arquivos de programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Arquivos de programas\Nero\Nero 9\Nero ShowTime\ShowTime.exe"="C:\Arquivos de programas\Nero\Nero 9\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe"="C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe:*:Enabled:VDownloader"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - edit - "C:\Arquivos de programas\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

.js - open - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

Compartilhar este post


Link para o post
Compartilhar em outros sites

======List of files/folders created in the last 1 months======

2008-10-24 20:06:42 ----D---- C:\Arquivos de programas\trend micro

2008-10-24 20:06:41 ----D---- C:\rsit

2008-10-24 10:26:04 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Desktopicon

2008-10-24 10:26:02 ----D---- C:\Arquivos de programas\VDOWNLOADER

2008-10-23 21:41:48 ----A---- C:\WINDOWS\system32\javaws.exe

2008-10-23 21:41:48 ----A---- C:\WINDOWS\system32\javaw.exe

2008-10-23 21:41:48 ----A---- C:\WINDOWS\system32\java.exe

2008-10-23 20:31:28 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Mozilla

2008-10-23 20:31:22 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-10-23 19:30:38 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-10-23 07:20:53 ----D---- C:\WINDOWS\ERDNT

2008-10-23 07:20:53 ----D---- C:\Qoobox

2008-10-23 07:20:53 ----A---- C:\WINDOWS\system32\CF846.exe

2008-10-23 07:18:50 ----A---- C:\WINDOWS\system32\CF444.exe

2008-10-23 07:15:33 ----A---- C:\WINDOWS\system32\CF32569.exe

2008-10-23 06:57:21 ----A---- C:\WINDOWS\system32\CF28999.exe

2008-10-19 04:29:21 ----D---- C:\Arquivos de programas\Windows Live

2008-10-19 02:53:41 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Windows Live Writer

2008-10-19 02:39:37 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-19 02:29:01 ----D---- C:\Arquivos de programas\Windows Installer Clean Up

2008-10-18 09:28:51 ----D---- C:\Arquivos de programas\TI Software

2008-10-18 09:28:40 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\TI Software

2008-10-18 09:05:10 ----D---- C:\Arquivos de programas\MSXML 6.0

2008-10-15 06:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-15 06:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-15 06:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-15 06:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-15 06:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-13 15:46:34 ----D---- C:\Arquivos de programas\Loquendo

2008-10-13 15:20:03 ----D---- C:\WINDOWS\speech

2008-10-13 15:19:56 ----D---- C:\Arquivos de programas\TextAloud

2008-10-12 05:33:47 ----A---- C:\WINDOWS\system32\msxml4a.dll

2008-10-11 08:59:33 ----A---- C:\WINDOWS\GooglePreviewIE_Toolbar_Uninstaller_9437.exe

2008-10-11 08:59:32 ----D---- C:\Arquivos de programas\GooglePreviewIE Toolbar

2008-10-11 08:11:02 ----D---- C:\Arquivos de programas\VS Revo Group

2008-10-11 07:22:27 ----D---- C:\Arquivos de programas\Free Window Registry Repair

2008-10-10 07:31:15 ----A---- C:\WINDOWS\NeroDigital.ini

2008-10-09 19:48:19 ----D---- C:\WINDOWS\Minidump

2008-10-09 19:30:18 ----D---- C:\Arquivos de programas\Windows Sidebar

2008-10-09 19:22:11 ----D---- C:\Arquivos de programas\Nero

2008-10-09 19:21:43 ----D---- C:\Arquivos de programas\Arquivos comuns\Nero

2008-10-09 08:10:47 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\‚ç‚*‚ż‚ńCD_CŚNgvŠ“g for Canon

2008-10-09 07:06:26 ----A---- C:\WINDOWS\unvise32.exe

2008-10-09 07:05:30 ----D---- C:\Arquivos de programas\The Rosetta Stone

2008-10-05 15:09:08 ----HD---- C:\WINDOWS\msdownld.tmp

2008-10-05 03:36:09 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

2008-10-05 03:35:52 ----D---- C:\WINDOWS\system32\pl-PL

2008-10-05 03:33:32 ----D---- C:\WINDOWS\system32\XPSViewer

2008-10-05 03:33:27 ----D---- C:\WINDOWS\system32\en-us

2008-10-05 03:33:26 ----D---- C:\Arquivos de programas\Reference Assemblies

2008-10-04 19:17:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-04 19:17:29 ----D---- C:\Arquivos de programas\iTunes

2008-10-04 19:17:29 ----D---- C:\Arquivos de programas\iPod

2008-10-04 17:33:43 ----D---- C:\Arquivos de programas\Atomic Alarm Clock

2008-09-29 05:34:24 ----N---- C:\WINDOWS\system32\spmsg2.dll

2008-09-27 08:48:06 ----D---- C:\Arquivos de programas\Microsoft Office Outlook Connector

2008-09-27 08:45:24 ----D---- C:\Arquivos de programas\Microsoft

======List of files/folders modified in the last 1 months======

2008-10-24 20:09:35 ----D---- C:\WINDOWS\Temp

2008-10-24 20:06:42 ----RD---- C:\Arquivos de programas

2008-10-24 20:04:29 ----SHD---- C:\WINDOWS\Installer

2008-10-24 20:04:01 ----D---- C:\WINDOWS

2008-10-24 20:03:08 ----D---- C:\WINDOWS\system32

2008-10-24 18:55:42 ----SH---- C:\boot.ini

2008-10-24 18:55:41 ----A---- C:\WINDOWS\win.ini

2008-10-24 18:55:41 ----A---- C:\WINDOWS\system.ini

2008-10-24 18:55:29 ----A---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\AtomicAlarmClock.ini

2008-10-24 18:55:28 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-10-24 18:50:58 ----D---- C:\WINDOWS\system32\CatRoot2

2008-10-24 10:50:44 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-10-23 21:41:36 ----D---- C:\Arquivos de programas\Java

2008-10-23 21:13:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-10-23 19:30:55 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-10-23 08:05:58 ----D---- C:\WINDOWS\system32\config

2008-10-23 08:05:45 ----D---- C:\WINDOWS\system32\wbem

2008-10-23 08:05:45 ----D---- C:\WINDOWS\Registration

2008-10-23 07:20:56 ----SHD---- C:\System Volume Information

2008-10-23 07:20:56 ----D---- C:\WINDOWS\system32\Restore

2008-10-22 21:52:11 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-10-21 21:12:22 ----D---- C:\Arquivos de programas\Microsoft Silverlight

2008-10-21 20:39:22 ----D---- C:\WINDOWS\Prefetch

2008-10-20 23:44:30 ----RSD---- C:\WINDOWS\assembly

2008-10-20 11:50:35 ----D---- C:\WINDOWS\Microsoft.NET

2008-10-20 07:12:31 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2008-10-20 06:56:50 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-10-19 18:41:08 ----SHD---- C:\WINDOWS\CSC

2008-10-19 05:37:46 ----D---- C:\WINDOWS\WinSxS

2008-10-19 04:18:37 ----HD---- C:\WINDOWS\inf

2008-10-19 04:18:35 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-10-19 02:28:46 ----D---- C:\Arquivos de programas\MSECache

2008-10-18 09:21:50 ----SD---- C:\WINDOWS\Tasks

2008-10-18 08:43:16 ----D---- C:\WINDOWS\Cursors

2008-10-15 06:59:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-15 06:58:53 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-10-15 06:58:53 ----D---- C:\WINDOWS\system32\drivers

2008-10-15 06:58:51 ----HD---- C:\WINDOWS\$hf_mig$

2008-10-15 06:58:35 ----D---- C:\Arquivos de programas\Internet Explorer

2008-10-15 06:58:28 ----D---- C:\WINDOWS\ie7updates

2008-10-13 15:48:15 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2008-10-13 15:32:32 ----SD---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Microsoft

2008-10-12 16:53:08 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-10-12 07:53:08 ----D---- C:\Arquivos de programas\Magic Video Converter

2008-10-12 07:07:38 ----HD---- C:\WINDOWS\system32\GroupPolicy

2008-10-09 19:31:45 ----AC---- C:\WINDOWS\Irremote.ini

2008-10-09 19:22:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-10-08 04:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-07 08:57:26 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Apple Computer

2008-10-06 01:04:54 ----RHD---- C:\Documents and Settings\All Users\Dados de aplicativos\yahoo!

2008-10-05 23:01:08 ----D---- C:\Arquivos de programas\Windows Media Connect 2

2008-10-05 23:01:07 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\DNA

2008-10-05 23:01:07 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\BitTorrent

2008-10-05 23:01:05 ----D---- C:\Arquivos de programas\DreMule

2008-10-05 22:35:04 ----D---- C:\WINDOWS\pss

2008-10-05 22:14:48 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\BrOffice.org2

2008-10-05 15:14:43 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Skype

2008-10-05 15:09:05 ----D---- C:\WINDOWS\system32\CatRoot

2008-10-05 05:15:52 ----A---- C:\WINDOWS\system32\MsiExec.exe.log

2008-10-05 03:36:56 ----D---- C:\WINDOWS\system32\pt-br

2008-10-05 03:35:09 ----D---- C:\WINDOWS\system32\mui

2008-10-05 03:34:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-05 03:33:36 ----D---- C:\Arquivos de programas\MSBuild

2008-10-05 03:33:34 ----RSD---- C:\WINDOWS\Fonts

2008-10-04 19:16:15 ----D---- C:\Arquivos de programas\QuickTime

2008-10-04 19:15:50 ----D---- C:\Arquivos de programas\Arquivos comuns\Apple

2008-10-04 17:07:48 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Panasonic

2008-10-04 10:15:54 ----D---- C:\Documents and Settings\Sakamoto\Dados de aplicativos\Nero

2008-10-04 02:26:01 ----A---- C:\WINDOWS\system32\ieframe.dll

2008-09-29 05:34:27 ----D---- C:\WINDOWS\system32\spool

2008-09-27 08:48:06 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2008-09-27 08:47:33 ----D---- C:\WINDOWS\system32\DirectX

2008-09-27 08:45:10 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-09-27 08:20:55 ----D---- C:\SCNET4

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Arquivos de programas\CyberLink\PowerDVD8\000.fcl []

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-05 24344]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 24984]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-29 47360]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-12 13848]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-03 10368]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]

R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-09-06 6912]

R3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 au4okdbw;au4okdbw; C:\WINDOWS\system32\drivers\au4okdbw.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2141848]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexao de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 AVP;Kaspersky Anti-Virus 7.0; C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-29 218376]

R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-10-23 152984]

R2 LVCOMSer;LVCOMSer; C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]

R2 LVPrcSrv;Process Monitor; C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]

R2 StarWindServiceAE;StarWind AE Service; C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-25 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-25 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-25 166384]

S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\Sakamoto\CONFIG~1\Temp\DX9\SessionLauncher.exe []

S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-27 439808]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-15 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-14 138168]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-25 72176]

S3 RoxMediaDB10;RoxMediaDB10; C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-25 1083888]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ahhh! Eu ainda não usei o combo fix pois não sei o jeito correto de usar

Muito obrigado por estar me ajudando!

Compartilhar este post


Link para o post
Compartilhar em outros sites

info.txt logfile of random's system information tool 1.04 2008-10-24 20:07:09

======Uninstall list======

‚ç‚*‚?‚nCDf_fCfOfNfgfvfŠf“fg for Canon-->"C:\Arquivos de programas\Canon\CDDirectPrint\Uninstal.exe" Canon.CDDirectPrint.Application

-->C:\ARQUIV~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

AC3Filter (remove only)-->C:\Arquivos de programas\AC3Filter\uninstall.exe

Adobe AIR-->C:\Arquivos de programas\Arquivos comuns\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe

Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}

Adobe ExtendScript Toolkit 2-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Extension Manager CS3-->MsiExec.exe /I{D7A53E41-3F32-4A44-989C-53DDEBB2130C}

Adobe Fireworks CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe

Adobe Fireworks CS3-->MsiExec.exe /I{E16110F7-1C85-4675-99F4-7938F832C825}

Adobe Flash CS3 Professional-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe

Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Illustrator CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe

Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}

Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}

Adobe InDesign CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe

Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Reader 9 - Portugues-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A90000000001}

Adobe Setup-->MsiExec.exe /I{15C768E2-AB61-4DE3-952F-6B237A834951}

Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}

Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}

Adobe Setup-->MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe SING CS3-->MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArcSoft PhotoStudio 5.5-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x11

Ashampoo Burning Studio 8.02-->"C:\Arquivos de programas\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"

Ashampoo Media Player+ 2.03-->"C:\Arquivos de programas\Ashampoo\Ashampoo Media Player+\unins000.exe"

Ashampoo WinOptimizer 5.04-->"C:\Arquivos de programas\Ashampoo\Ashampoo WinOptimizer 5\unins000.exe"

Assistente de Conexao do Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}

Atomic Alarm Clock 5.55-->"C:\Arquivos de programas\Atomic Alarm Clock\unins000.exe"

Atualizaçao de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualizaçao de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualizaçăo de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Atualizaçao de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualizaçao de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualizaçăo de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualizaçăo de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualizaçăo de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualizaçăo de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualizaçăo de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualizaçao para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Atualizaçao para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualizaçao para Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"

Atualizaçao para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Banner Maker Pro Version 6-->"C:\Arquivos de programas\Banner Maker Pro 6\unins000.exe"

Barra de Ferramentas do Yahoo!-->C:\ARQUIV~1\Yahoo!\Common\UNYT_W~1.EXE

Blu-ray Disc Authoring Plug-in-->C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M13-0083-2710-5622-98W3-TL0A-THW4-9A0T"

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

BootSkin-->C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG

BrOffice.org 2.4-->MsiExec.exe /I{598565FC-047F-4BBA-AA5F-A95EC039F05B}

BS.Player PRO-->"C:\Arquivos de programas\Webteh\BSplayerPro\uninstall.exe"

Cable e ADSL Speed-->C:\WINDOWS\st6unst.exe -n "C:\Arquivos de programas\Cable e ADSL Speed\ST6UNST.LOG"

Canon f}fC fvfŠf“f^-->C:\Arquivos de programas\Canon\MyPrinter\uninst.exe uninst.ini

Canon IJ Network Scan Utility-->C:\Arquivos de programas\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE

Canon IJ Network Tool-->C:\Arquivos de programas\Canon\Canon IJ Network Tool\CNMNUU.EXE

Canon MP Navigator EX 1.0-->"C:\Arquivos de programas\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Arquivos de programas\Canon\MP Navigator EX 1.0\uninst.ini

Canon MP970 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series /L0x0011

Canon Utilities Easy-PhotoPrint EX-->C:\Arquivos de programas\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini

Canon Utilities Solution Menu-->C:\Arquivos de programas\Canon\SolutionMenu\uninst.exe uninst.ini

Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}

Conta Fácil 7.4.1 (Jan/2007)-->"c:\mtg\contas7\unins000.exe"

Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}

CyberLink PowerDVD 8-->"C:\Arquivos de programas\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}

DivX Codec-->C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DreaMule 3.2-->"C:\Arquivos de programas\DreMule\unins000.exe"

Driver da Logicool® Camera-->"C:\Arquivos de programas\Arquivos comuns\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

DTS Plug-in-->C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9K00-0003-8M80-6320-5043-1458-XAA5"

EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}

EzGenerator Trial 3.0-->C:\Arquivos de programas\EzGenerator3\uninst.exe

Free Window Registry Repair-->C:\ARQUIV~1\FREEWI~1\UNWISE.EXE C:\ARQUIV~1\FREEWI~1\INSTALL.LOG

ftfWfJf‰[fCf[fWfrf…[fA[-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A877994C-EAA2-41BB-97B2-281EBF38C143}\Setup.exe"

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\arquivos de programas\google\googletoolbar2.dll"

GooglePreviewIE Toolbar-->"C:\WINDOWS\GooglePreviewIE_Toolbar_Uninstaller_9437.exe" _?=C:\Arquivos de programas\GooglePreviewIE Toolbar

Gracenote Plug-in-->C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M0C-01A2-K817-3LK8-9X6M-WK3U-L942-3WE1"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

IZArc 3.81-->"C:\Arquivos de programas\IZArc\unins000.exe"

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}

Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}

K-Lite Mega Codec Pack 4.0.0-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

Logicool Desktop Messenger-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL

Logicool Qcam-->MsiExec.exe /X{CAB2FC43-5EC2-4EA8-B605-A6BEE36CC0C0}

Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}

Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}

Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}

Magic Video Converter 8.0.10.25-->"C:\Arquivos de programas\Magic Video Converter\unins000.exe"

MemoriesOnTV 4.0.4-->"C:\Arquivos de programas\MemoriesOnTV4\unins000.exe"

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK-->MsiExec.exe /I{036FD544-AED6-3F33-856D-A2292D0CF471}

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB-->MsiExec.exe /I{EDA9F30A-8B65-3E6F-B353-CCA1C9241471}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK-->MsiExec.exe /I{7C77393F-8237-3825-A88A-AFAF3C69C072}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB-->MsiExec.exe /I{94C65B81-1CCE-3D93-95B5-853B1A3DA539}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5 Language Pack - plk-->MsiExec.exe /I{F31E509D-3597-324E-83CF-0C160B2320F0}

Microsoft .NET Framework 3.5 Language Pack - ptb-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - ptb\setup.exe

Microsoft .NET Framework 3.5 Language Pack - ptb-->MsiExec.exe /I{AA6E423F-CBDF-3608-AC30-0CF08D7C9A07}

Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011F-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}

Mozilla Firefox (3.0.3)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

mp3PRO Plug-in-->C:\Arquivos de programas\Arquivos comuns\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9C00-E0A2-98K1-294K-06XC-MX2C-X988"

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

MSXML 6.0 SDK-->MsiExec.exe /I{DF67E8C2-1D4C-44E1-93DC-7E26E2D74D00}

Multimedia Combo Set Driver-->C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B8C11C23-F46C-48C1-8EA8-CEA82115586A}

MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

ODF Add-in for Microsoft Word-->MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}

One-click Ringtone Converter-->MsiExec.exe /X{FE4D2090-9E16-43A2-8020-EA825E9E7F5E}

Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - plk\setup.exe

Password Reminder 1.6-->"C:\Arquivos de programas\Password Reminder\unins000.exe"

PC Inspector File Recovery-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

PowerISO-->"C:\Arquivos de programas\PowerISO\uninstall.exe"

Proteçao do Yahoo! Cade-->C:\ARQUIV~1\Yahoo!\SEARCH~1\UNINST~1.EXE

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0416 -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x416 -removeonly

Revo Uninstaller 1.75-->C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\uninst.exe

Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}

Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}

Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}

Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}

Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}

Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}

Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}

Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}

Roxio Disc Gallery-->MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753}

Roxio Easy Media Creator 10 Suite-->MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}

Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}

Roxio MediaShare-->MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SmartSound Quicktracks Plugin-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Arquivos de programas\The Rosetta Stone\TRS Support\uninstal.log

Thoosje Sidebar V2.3-->C:\Arquivos de programas\Thoosje Sidebar V2.3\Uninstall.exe

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VDownloader 0.74-->"C:\Arquivos de programas\VDOWNLOADER\unins000.exe"

VistaMizer 2.5.2.0-->C:\WINDOWS\VistaMizer\Uninstall.exe

Winamp Remote-->"C:\Arquivos de programas\Winamp Remote\uninstall.exe"

Winamp Toolbar for Firefox-->"\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"

Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Beta (todos os programas)-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Beta (todos os programas)-->MsiExec.exe /I{4FE37B71-AB78-4F4A-8327-A8401E5BD12A}

Windows Live Call-->MsiExec.exe /I{F99EE599-A088-4037-831E-587E9BB35826}

Windows Live Mail-->MsiExec.exe /I{98883B07-35DF-45D6-AA3F-7BD507E0F655}

Windows Live Messenger-->MsiExec.exe /X{2B3D758E-DEE0-4868-B2F6-9CE435A13400}

Windows Live Writer-->MsiExec.exe /X{92602887-4B38-4EC9-839D-2169AD2E4E92}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

XviD Video Codec 1.1.2-01022007-->C:\Arquivos de programas\XviD\uninst.exe

Yahoo! Extras-->C:\ARQUIV~1\Yahoo!\Common\unyext.exe

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\ARQUIV~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\ARQUIV~1\Yahoo!\Common\ymmapi.dll

Yahoo! Messenger-->C:\ARQUIV~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\ARQUIV~1\Yahoo!\MESSEN~1\INSTALL.LOG

Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

????????Lite-->MsiExec.exe /I{0B3078B0-544C-4D73-B7E6-DD59494129E3}

????Lite-->MsiExec.exe /I{5E32882F-6150-4105-B3F2-7030A0502317}

======Security center information======

AV: Kaspersky Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\DLLShared;C:\Arquivos de programas\Arquivos comuns\Roxio Shared\DLLShared;C:\Arquivos de programas\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"RoxioCentral"=C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\Roxio Central36\

"CLASSPATH"=.;C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro SAKAMOTO carlos

Desculpe a demora :)

Leia as instruções contidas neste link:

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

  1. Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

[*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).[*]Duplo clique no icone desktopicon.png que está no desktop.[*]Leia e aceite as condições, digitando 1 e enter.[*]Computadores com Windows XP deverão instalar o Console de Recuperação:

  • Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
  • Clique em "OK" ao EULA.
  • Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

[*]O ComboFix será executado, por favor seja paciente e aguarde. [*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.[*]Poderá surgir o aviso que é necessário reiniciar o computador.

NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

  • Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
  • Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
  • Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

tentei fazer o procedimento, mas na janela do combofix aparece tudo em alemão não sei o que se trata! por favor verifique se tem algo de errado com o link!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro SAKAMOTO carlos

>>> Por acaso o sistema operacional de seu computador é alemão?

# Etapa nº 1 #

Vá até 4y6d3b8.gif"Jotti's malware scan"

  • Na caixa que fica em cima (File to upload & scan);
  • Copie e cole o seguinte:
    C:\WINDOWS\system32\drivers\au4okdbw.sys
  • Clique no botão 688godt.jpg
  • O arquivo irá ser examinado por diferentes programas antivirus, por favor aguarde.
  • Copie e cole esse resultado, juntamente com novo log do HijackThis.

Se o site acima estiver muito congestionado, tente num desses sites:

Alternativa 1

Alternativa 2

# Etapa nº 2 #

Faça o download do Malwarebytes Anti-Malware:

  • Link1
  • Link alternativo
    • Duplo-clique em mbam-setup.exe, escolha a linguagem e siga as instruções para o software ser instalado.
    • Certifique-se que marca a caixa Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware, e clique em concluir.
    • Se existirem atualizações, elas serão baixadas e instaladas.
    • Quando as atualizações terminarem, abrirá uma janela do programa. Marque "Verificação Rápida", e depois clique no botão Verificar.
    • O scan iniciará e poderá ser demorado. Por favor seja paciente.
    • Quando o scan estiver completo, clique em Ok, depois em Mostrar Resultados para ver o log.
    • Se algo for encontrado, certifique-se que tudo está marcado e clique em Remover.
    • Quando a desinfecção terminar, automaticamente um log surgirá aberto num documento do Bloco de Notas e pode ser questionado para reiniciar o PC. (Leia a nota)
    • O log é automaticamente guardado e pode ser consultado clicando na tab Logs do menu principal.
    • Copie e cole o conteúdo desse log na sua próxima resposta.

Nota: Em infecções mais complicadas, poderá haver a necessidade de reiniciar o PC. Caso lhe seja pedido para reiniciar o PC, por favor, faça-o imediatamente.

# Etapa nº 3 #

Faça um novo log com o Hijackthis e poste juntamente com o do MalwareBytes!

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

estou enviado os dois logs.

Malwarebytes' Anti-Malware 1.30

Versăo do banco de dados: 1333

Windows 5.1.2600 Service Pack 3

2008-10-29 07:07:04

mbam-log-2008-10-29 (07-07-04).txt

Tipo de Verificaçăo: Rápida

Objetos verificados: 56498

Tempo decorrido: 3 minute(s), 11 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 1

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 06:41, on 2008-10-30

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe

C:\Arquivos de programas\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carlos/Simone/Emily

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexao do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: GooglePreviewIE Toolbar Helper - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: GooglePreviewIE Toolbar - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Arquivos de programas\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [CASpeed] "C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe" /HIDE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Atomic Alarm Clock\AtomicAlarmClock.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215958479000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logicool\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Sakamoto\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro SAKAMOTO carlos

>>> Esqueceu de me reponder: por acaso o sistema operacional de seu computador é alemão?

Faltou:

Vá até 4y6d3b8.gif"Jotti's malware scan"

  • Na caixa que fica em cima (File to upload & scan);
  • Copie e cole o seguinte:
    C:\WINDOWS\system32\drivers\au4okdbw.sys
  • Clique no botão 688godt.jpg
  • O arquivo irá ser examinado por diferentes programas antivirus, por favor aguarde.
  • Copie e cole esse resultado, juntamente com novo log do HijackThis.

Se o site acima estiver muito congestionado, tente num desses sites:

Alternativa 1

Alternativa 2

Obrigado e aguardo!

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

De acordo com as regras deste fórum, tópicos inativos são arquivados, isto é, fechados e movidos para um fórum de "tópicos arquivados". Caso o autor do tópico necessite poderá entrar em contato com a moderação solicitando a reabertura deste tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×