Fazin

DDS and GMER logs


I'm having some problems using my computer, involving some errors and an abnormally slow internet connection.

I'd like your help analyzing:

DDS:

DDS (Version 1.0) - FAT32x86

Run by DESKTOP at 14:12:03.81 on 2008-11-30

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1348 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\msshell.exe

C:\WINDOWS\system32\msne.exe

C:\WINDOWS\system32\wscntfx.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\pc\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/custom?domains=entretieneteds.to.md&q=&sitesearch=&client=pub-3439752189615153

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02d6cf25-12b4-25d4-9650-9bb05537abd5} - c:\windows\system32\nsuA.dll

BHO: {0347C33E-8762-4905-BF09-768834316C61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll

BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {6ABF038A-1DE9-5137-ED28-DC9C34DEB231} - c:\windows\system32\sgwzatmpdwpnryy.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquiv~1\gbplugin\gbiehabn.dll

BHO: {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - c:\documents and settings\desktop\meus documentos\fabricio\vestibular\pdfx3\pdf-xchange 3 pro\pdf-xchange pdf viewer\pdf-viewer\PDFXCviewIEPlugin.dll

BHO: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - c:\arquivos de programas\asktbar\bar\2.bin\ASKTBAR.DLL

TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - c:\arquivos de programas\asktbar\bar\2.bin\ASKTBAR.DLL

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - c:\arquivos de programas\asktbar\bar\2.bin\ASKTBAR.DLL

uRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVG7_CC] c:\arquiv~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [msshell.exe] c:\windows\system32\msshell.exe

mRun: [msne.exe] c:\windows\system32\msne.exe

mRun: [wscntfx] c:\windows\system32\wscntfx.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [AVG7_Run] c:\arquiv~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\arquivos de programas\assistente tecnico speedy\bin\matcli.exe

IE: Append to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {1DB51EC3-F2FB-4794-BC3D-02684895A1B9} = 200.204.0.10 200.204.0.138

Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehabn.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: __GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehabn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquiv~1\gbplugin\gbiehabn.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

S2 bsaspi32;bsaspi32; []

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sxe injected\ddsxei.sys [2008-7-7 43392]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys []

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys []

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []

S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [2008-3-9 138528]

S3 TridVid;ENUTV;c:\windows\system32\drivers\TridVid.sys [2007-11-29 108544]

=============== Created Last 30 ================

2008-11-29 23:23 0 ---sh--- c:\windows\system32\MEGATRON.ini

2008-11-29 23:21 1,320,448 ---sh--- c:\windows\system32\wscntfx.exe

2008-11-29 23:21 585,216 ---sh--- c:\windows\system32\msne.exe

2008-11-29 23:20 376,320 ---sh--- c:\windows\system32\msshell.exe

2008-11-29 23:20 1,077 a------- c:\windows\system32\configex.dll

2008-11-28 15:01 675,328 a------- c:\windows\system32\nsuA.dll

2008-11-17 20:59 96,093 a------- c:\windows\system32\sgwzatmpdwpnryy.dll-uninst.exe

2008-11-17 12:54 600,576 a------- c:\windows\system32\sgwzatmpdwpnryy.dll

2008-11-15 21:36 <DIR> --dsh--- C:\FOUND.029

2008-11-10 13:33 2,463,976 a------- c:\windows\system32\NPSWF32.dll

2008-11-10 13:33 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe

2008-11-10 13:30 <DIR> --d----- c:\arquivos de programas\Bonjour

2008-11-10 13:27 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2008-11-10 13:20 32 a------- c:\windows\CD_Start.INI

2008-11-10 09:05 <DIR> --d----- c:\arquivos de programas\AskTBar

2008-11-04 22:31 308,224 a------- c:\windows\IsUn0416.exe

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\SopCast

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\Megacubo

2008-11-02 10:19 4,682 a------- c:\windows\system32\npptNT2.sys

2008-11-02 10:19 5,174 a------- c:\windows\system32\nppt9x.vxd

2008-11-02 10:07 <DIR> --d----- c:\arquivos de programas\OnGame

==================== Find3M ====================

2008-11-29 22:28 53,966 a------- c:\windows\system32\cont_dcads-remove.exe

2008-10-18 10:48 <DIR> --d----- c:\arquivos de programas\vestgame

2008-07-18 13:09 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NexonUS

2008-06-27 21:24 <DIR> --d----- c:\docume~1\desktop\dadosd~1\uTorrent

2008-05-14 22:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\WEBREG

2008-05-11 23:14 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2008-03-30 21:57 <DIR> --d----- c:\docume~1\desktop\dadosd~1\GARMIN

2008-03-09 00:02 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Babylon

2008-03-09 00:02 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Babylon

2008-02-02 20:26 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Morpheus Software

2008-02-02 20:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Corel

2007-12-22 12:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Grisoft

2007-11-19 06:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2007-10-31 14:05 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Publish Providers

2007-10-31 13:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony

2007-10-31 13:41 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony Setup

2007-09-23 22:07 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Adssite Advanced Toolbar

2007-09-23 20:40 <DIR> --d----- c:\docume~1\desktop\dadosd~1\LimeWire

2007-09-14 17:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Windows Live Toolbar

2007-08-01 11:12 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Tibia

2007-05-21 00:50 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AdobeAUM

2007-05-12 14:09 <DIR> --d----- c:\docume~1\desktop\dadosd~1\MusicIP

2007-02-07 17:22 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AVG7

2007-02-07 17:22 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg7

2007-02-06 01:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2007-01-20 23:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2006-12-24 22:25 <DIR> --d----- c:\docume~1\desktop\dadosd~1\SecondLife

2006-12-17 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\POPWWPROFILES

2006-12-05 12:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ahead

2006-11-19 00:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\.bittorrent

2006-09-11 22:04 <DIR> --d----- c:\docume~1\desktop\dadosd~1\UOL

2006-09-11 22:04 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UOL

2006-09-08 22:36 <DIR> --d----- c:\docume~1\desktop\dadosd~1\NewSoft

2006-09-08 22:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Newsoft

2006-08-26 21:53 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Ulead Systems

2006-08-26 21:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SmartSound Software Inc

2008-02-02 20:58 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-02-02 20:06 8 ---shr-- c:\windows\system32\A2833A862F.sys

2008-02-10 01:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\dados de aplicativos\microsoft\feeds cache\index.dat

============= FINISH: 14:12:31.07 ===============

GMER:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-30 14:19:46

Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe[240] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

.text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 1006A310 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 1006A040 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1006A1A0 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

---- Services - GMER 1.0.14 ----

Service C:\Arquivos de programas\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\Arquivos de programas\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\Arquivos de programas\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.14 ----

Hugs, hoping for a reply :)

Fazin


Hello,

Sorry for the delay.

If you still need help, please run DDS again.

ATTENTION: Do not open a new topic; paste the new logs in this same topic, using the Reply button.

Thank you


First of all, I wanted to note that every time my computer starts, it requests an internet connection to a site, casal192.com

I hope this helps.

:mellow:

Here is the log you asked for:

DDS (Version 1.0) - FAT32x86

Run by DESKTOP at 20:39:52.45 on 2008-12-03

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1305 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\msshell.exe

C:\WINDOWS\system32\msne.exe

C:\WINDOWS\system32\wscntfx.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgw.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\mspaint.exe

C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\pc\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/custom?domains=entretieneteds.to.md&q=&sitesearch=&client=pub-3439752189615153

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02d6cf25-12b4-25d4-9650-9bb05537abd5} - c:\windows\system32\nsuA.dll

BHO: {0347C33E-8762-4905-BF09-768834316C61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll

BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {6ABF038A-1DE9-5137-ED28-DC9C34DEB231} - c:\windows\system32\sgwzatmpdwpnryy.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquiv~1\gbplugin\gbiehabn.dll

BHO: {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - c:\documents and settings\desktop\meus documentos\fabricio\vestibular\pdfx3\pdf-xchange 3 pro\pdf-xchange pdf viewer\pdf-viewer\PDFXCviewIEPlugin.dll

BHO: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - c:\arquivos de programas\asktbar\bar\2.bin\ASKTBAR.DLL

TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - c:\arquivos de programas\asktbar\bar\2.bin\ASKTBAR.DLL

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - c:\arquivos de programas\asktbar\bar\2.bin\ASKTBAR.DLL

uRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVG7_CC] c:\arquiv~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [msshell.exe] c:\windows\system32\msshell.exe

mRun: [msne.exe] c:\windows\system32\msne.exe

mRun: [wscntfx] c:\windows\system32\wscntfx.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [AVG7_Run] c:\arquiv~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\arquivos de programas\assistente tecnico speedy\bin\matcli.exe

IE: Append to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {1DB51EC3-F2FB-4794-BC3D-02684895A1B9} = 200.204.0.10 200.204.0.138

Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehabn.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: __GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehabn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquiv~1\gbplugin\gbiehabn.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

S2 bsaspi32;bsaspi32; []

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sxe injected\ddsxei.sys [2008-7-7 43392]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys []

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys []

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []

S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [2008-3-9 138528]

S3 TridVid;ENUTV;c:\windows\system32\drivers\TridVid.sys [2007-11-29 108544]

=============== Created Last 30 ================

2008-11-30 14:14 250 a------- c:\windows\gmer.ini

2008-11-29 23:23 0 ---sh--- c:\windows\system32\MEGATRON.ini

2008-11-29 23:21 1,320,448 ---sh--- c:\windows\system32\wscntfx.exe

2008-11-29 23:21 585,216 ---sh--- c:\windows\system32\msne.exe

2008-11-29 23:20 376,320 ---sh--- c:\windows\system32\msshell.exe

2008-11-29 23:20 1,094 a------- c:\windows\system32\configex.dll

2008-11-28 15:01 675,328 a------- c:\windows\system32\nsuA.dll

2008-11-17 20:59 96,093 a------- c:\windows\system32\sgwzatmpdwpnryy.dll-uninst.exe

2008-11-17 12:54 600,576 a------- c:\windows\system32\sgwzatmpdwpnryy.dll

2008-11-15 21:36 <DIR> --dsh--- C:\FOUND.029

2008-11-10 13:33 2,463,976 a------- c:\windows\system32\NPSWF32.dll

2008-11-10 13:33 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe

2008-11-10 13:30 <DIR> --d----- c:\arquivos de programas\Bonjour

2008-11-10 13:27 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2008-11-10 13:20 32 a------- c:\windows\CD_Start.INI

2008-11-10 09:05 <DIR> --d----- c:\arquivos de programas\AskTBar

2008-11-04 22:31 308,224 a------- c:\windows\IsUn0416.exe

==================== Find3M ====================

2008-11-29 22:28 53,966 a------- c:\windows\system32\cont_dcads-remove.exe

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\SopCast

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\Megacubo

2008-11-02 10:07 <DIR> --d----- c:\arquivos de programas\OnGame

2008-10-18 10:48 <DIR> --d----- c:\arquivos de programas\vestgame

2008-07-18 13:09 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NexonUS

2008-06-27 21:24 <DIR> --d----- c:\docume~1\desktop\dadosd~1\uTorrent

2008-05-14 22:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\WEBREG

2008-05-11 23:14 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2008-03-30 21:57 <DIR> --d----- c:\docume~1\desktop\dadosd~1\GARMIN

2008-03-09 00:02 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Babylon

2008-03-09 00:02 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Babylon

2008-02-02 20:26 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Morpheus Software

2008-02-02 20:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Corel

2007-12-22 12:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Grisoft

2007-11-19 06:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2007-10-31 14:05 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Publish Providers

2007-10-31 13:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony

2007-10-31 13:41 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony Setup

2007-09-23 22:07 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Adssite Advanced Toolbar

2007-09-23 20:40 <DIR> --d----- c:\docume~1\desktop\dadosd~1\LimeWire

2007-09-14 17:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Windows Live Toolbar

2007-08-01 11:12 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Tibia

2007-05-21 00:50 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AdobeAUM

2007-05-12 14:09 <DIR> --d----- c:\docume~1\desktop\dadosd~1\MusicIP

2007-02-07 17:22 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AVG7

2007-02-07 17:22 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg7

2007-02-06 01:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2007-01-20 23:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2006-12-24 22:25 <DIR> --d----- c:\docume~1\desktop\dadosd~1\SecondLife

2006-12-17 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\POPWWPROFILES

2006-12-05 12:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ahead

2006-11-19 00:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\.bittorrent

2006-09-11 22:04 <DIR> --d----- c:\docume~1\desktop\dadosd~1\UOL

2006-09-11 22:04 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UOL

2006-09-08 22:36 <DIR> --d----- c:\docume~1\desktop\dadosd~1\NewSoft

2006-09-08 22:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Newsoft

2006-08-26 21:53 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Ulead Systems

2006-08-26 21:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SmartSound Software Inc

2008-02-02 20:58 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-02-02 20:06 8 ---shr-- c:\windows\system32\A2833A862F.sys

2008-02-10 01:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\dados de aplicativos\microsoft\feeds cache\index.dat

============= FINISH: 20:40:36.09 ===============

Regards,

Fazin. :unsure:


Well, one more thing: Firefox now keeps coming up with something called yoog as the default search ...

Wow, when a computer wants to cause trouble, it piles everything up, heuheuhue

Well, awaiting a reply,

Regards.


Hello,

Among other infections, your log shows that you are infected by a banker trojan. This trojan is capable of capturing passwords and sending them to a cracker (hacker).

Recommendations:

  1. Avoid using the internet on this PC as much as possible until it is clean.
  2. Use a clean, secure PC and change all your online passwords.
  3. Contact your financial institutions (banks, etc.) and inform them of your situation.

Removal:

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the ComboFix icon that is on the desktop.
  4. Read and accept the conditions by typing 1 and pressing Enter.
  5. Computers running Windows XP should install the Recovery Console:
       • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
       • Click "OK" on the EULA.
       • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and therefore, also out of respect for the tool's author, do not use it without supervision.

Regards


After reading your reply and the tutorial on bleepingcomputer.com, everything was going well until, after the message

"ComboFix has modified the clock settings.

Do not restore them. They will be restored later"

a Windows XP error occurred, one of those blue-screen ones. The computer rebooted right afterwards and there was the option to choose the "Windows Recovery Console", but since no information about it was given in the program or in the tutorials, I was led to believe I was not supposed to do anything. The computer started with a Windows error log and nothing more about the program. So I thought it best to post what happened here before trying anything else. :unsure:

Note: for me, the software warranty disclaimer screen did not appear in the blue ComboFix prompt screen but as an alert box; however, after clicking Yes (there was no need for the 1) it went back to the prompt and everything was the same until the error.. I can say that, as far as I can see, the time was not changed..

Regards,

Fazin. :mellow:


Hello,

Go to Control Panel -> Add/Remove Programs and remove the following programs if they are present:

  • asktbar

Download OTMoveIt3 by OldTimer and save it to the desktop.

Double-click the icon (otmi3desktopicon.png) that is on your desktop.

Copy the text below inside the "Code" box and paste it into the area below pasteline.png:


:processes
explorer.exe
:files
c:\windows\system32\nsuA.dll
c:\windows\system32\sgwzatmpdwpnryy.dll
c:\arquivos de programas\asktbar
c:\windows\system32\msshell.exe
c:\windows\system32\msne.exe
c:\windows\system32\wscntfx.exe
c:\windows\system32\configex.dll
c:\windows\system32\sgwzatmpdwpnryy.dll-uninst.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02d6cf25-12b4-25d4-9650-9bb05537abd5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{6ABF038A-1DE9-5137-ED28-DC9C34DEB231}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msshell.exe"=-
"msne.exe"=-
"wscntfx"=-
:commands
[EmptyTemp]
[Reboot]

Now click the btnmoveit.png button.

If the prompt to restart the computer appears, do so.

In your next reply, copy and paste all of the content that is in results.png.

Also generate and paste a new DDS log.

If the computer rebooted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter. Browse to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire content of that file.


Everything was done as requested: (The search site is still that yoog thing, but the startup prompt asking to get onto the internet through the site casal192.com no longer appears.. :huh:)

The logs follow:

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

c:\windows\system32\nsuA.dll unregistered successfully.

c:\windows\system32\nsuA.dll moved successfully.

c:\windows\system32\sgwzatmpdwpnryy.dll unregistered successfully.

c:\windows\system32\sgwzatmpdwpnryy.dll moved successfully.

c:\arquivos de programas\AskTBar\bar\History moved successfully.

c:\arquivos de programas\AskTBar\bar\2.bin moved successfully.

c:\arquivos de programas\AskTBar\bar moved successfully.

c:\arquivos de programas\AskTBar moved successfully.

c:\windows\system32\msshell.exe moved successfully.

c:\windows\system32\msne.exe moved successfully.

c:\windows\system32\wscntfx.exe moved successfully.

LoadLibrary failed for c:\windows\system32\configex.dll

c:\windows\system32\configex.dll NOT unregistered.

c:\windows\system32\configex.dll moved successfully.

c:\windows\system32\sgwzatmpdwpnryy.dll-uninst.exe moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msshell.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msne.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wscntfx deleted successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DFF8F5.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DFFC1A.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DF142D.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DF1436.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\etilqs_YXO5ireocaR8J3xjc9vb scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\XUL.mfl scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12052008_100905

Files moved on Reboot...

File C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DFF8F5.tmp not found!

File C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DFFC1A.tmp not found!

File C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DF142D.tmp not found!

File C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\~DF1436.tmp not found!

File C:\DOCUME~1\DESKTOP\CONFIG~1\Temp\etilqs_YXO5ireocaR8J3xjc9vb not found!

C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\XUL.mfl moved successfully.

C:\Documents and Settings\DESKTOP\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ek2zz8yy.default\urlclassifier3.sqlite moved successfully.

------------------

DDS:

DDS (Version 1.0) - FAT32x86

Run by DESKTOP at 10:34:52.85 on 2008-12-05

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2047.1540 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe

C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\pc\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {0347C33E-8762-4905-BF09-768834316C61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll

BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquiv~1\gbplugin\gbiehabn.dll

BHO: {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - c:\documents and settings\desktop\meus documentos\fabricio\vestibular\pdfx3\pdf-xchange 3 pro\pdf-xchange pdf viewer\pdf-viewer\PDFXCviewIEPlugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVG7_CC] c:\arquiv~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [AVG7_Run] c:\arquiv~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\arquivos de programas\assistente tecnico speedy\bin\matcli.exe

IE: Append to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehabn.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: __GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehabn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquiv~1\gbplugin\gbiehabn.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

S2 bsaspi32;bsaspi32; []

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sxe injected\ddsxei.sys [2008-7-7 43392]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys []

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys []

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []

S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [2008-3-9 138528]

S3 TridVid;ENUTV;c:\windows\system32\drivers\TridVid.sys [2007-11-29 108544]

=============== Created Last 30 ================

2008-12-05 10:09 <DIR> --d----- C:\_OTMoveIt

2008-12-05 10:06 245,760 a------- c:\arquivos de programas\Uninstall Ask Toolbar.dll

2008-12-05 01:08 400,384 a------- c:\windows\system32\CF32486.exe

2008-12-05 01:08 <DIR> --d----- C:\ComboFix

2008-12-05 00:54 161,792 a------- c:\windows\SWREG.exe

2008-12-05 00:54 98,816 a------- c:\windows\sed.exe

2008-12-05 00:54 400,384 a------- c:\windows\system32\CF29733.exe

2008-12-05 00:50 <DIR> --dshr-- C:\cmdcons

2008-12-05 00:50 <DIR> --d----- c:\windows\setup.pss

2008-12-03 22:32 <DIR> --d----- c:\arquivos de programas\Picasa2

2008-11-30 14:14 250 a------- c:\windows\gmer.ini

2008-11-29 23:23 0 ---sh--- c:\windows\system32\MEGATRON.ini

2008-11-15 21:36 <DIR> --dsh--- C:\FOUND.029

2008-11-10 13:33 2,463,976 a------- c:\windows\system32\NPSWF32.dll

2008-11-10 13:33 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe

2008-11-10 13:30 <DIR> --d----- c:\arquivos de programas\Bonjour

2008-11-10 13:27 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2008-11-10 13:20 32 a------- c:\windows\CD_Start.INI

==================== Find3M ====================

2008-11-29 22:28 53,966 a------- c:\windows\system32\cont_dcads-remove.exe

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\SopCast

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\Megacubo

2008-11-02 10:07 <DIR> --d----- c:\arquivos de programas\OnGame

2008-10-18 10:48 <DIR> --d----- c:\arquivos de programas\vestgame

2008-07-18 13:09 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NexonUS

2008-06-27 21:24 <DIR> --d----- c:\docume~1\desktop\dadosd~1\uTorrent

2008-05-14 22:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\WEBREG

2008-05-11 23:14 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2008-03-30 21:57 <DIR> --d----- c:\docume~1\desktop\dadosd~1\GARMIN

2008-03-09 00:02 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Babylon

2008-03-09 00:02 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Babylon

2008-02-02 20:26 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Morpheus Software

2008-02-02 20:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Corel

2007-12-22 12:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Grisoft

2007-11-19 06:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2007-10-31 14:05 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Publish Providers

2007-10-31 13:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony

2007-10-31 13:41 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony Setup

2007-09-23 22:07 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Adssite Advanced Toolbar

2007-09-23 20:40 <DIR> --d----- c:\docume~1\desktop\dadosd~1\LimeWire

2007-09-14 17:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Windows Live Toolbar

2007-08-01 11:12 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Tibia

2007-05-21 00:50 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AdobeAUM

2007-05-12 14:09 <DIR> --d----- c:\docume~1\desktop\dadosd~1\MusicIP

2007-02-07 17:22 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AVG7

2007-02-07 17:22 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg7

2007-02-06 01:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2007-01-20 23:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2006-12-24 22:25 <DIR> --d----- c:\docume~1\desktop\dadosd~1\SecondLife

2006-12-17 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\POPWWPROFILES

2006-12-05 12:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ahead

2006-11-19 00:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\.bittorrent

2006-09-11 22:04 <DIR> --d----- c:\docume~1\desktop\dadosd~1\UOL

2006-09-11 22:04 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UOL

2006-09-08 22:36 <DIR> --d----- c:\docume~1\desktop\dadosd~1\NewSoft

2006-09-08 22:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Newsoft

2006-08-26 21:53 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Ulead Systems

2006-08-26 21:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SmartSound Software Inc

2008-02-02 20:58 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-02-02 20:06 8 ---shr-- c:\windows\system32\A2833A862F.sys

2008-02-10 01:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\dados de aplicativos\microsoft\feeds cache\index.dat

============= FINISH: 10:35:05.68 ===============

Regards,

Fazin.^_^

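One way to check the OTMoveIt3 result log posted above against the fix script that produced it, as an added example that is not part of the original thread or of OTMoveIt3. The script and log are excerpts copied from the posts above; the function names and the outcome phrases matched are assumptions based only on the log lines shown there.

```python
import re

# Excerpt of the fix script posted in the thread.
FIX_SCRIPT = r"""
:processes
explorer.exe
:files
c:\windows\system32\nsuA.dll
c:\arquivos de programas\asktbar
c:\windows\system32\msshell.exe
c:\windows\system32\configex.dll
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02d6cf25-12b4-25d4-9650-9bb05537abd5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msshell.exe"=-
:commands
[EmptyTemp]
"""

# Excerpt of the result log posted in the thread.
RESULT_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\nsuA.dll unregistered successfully.
c:\windows\system32\nsuA.dll moved successfully.
c:\arquivos de programas\AskTBar\bar moved successfully.
c:\arquivos de programas\AskTBar moved successfully.
c:\windows\system32\msshell.exe moved successfully.
LoadLibrary failed for c:\windows\system32\configex.dll
c:\windows\system32\configex.dll NOT unregistered.
c:\windows\system32\configex.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msshell.exe deleted successfully.
"""

FILE_RE = re.compile(r"^(.+?) (moved successfully|unregistered successfully|NOT unregistered)\.$")
REG_RE = re.compile(r"^Registry (value|key) (.+?) (deleted successfully|not found)\.$")


def parse_script(text):
    """Return the (kind, target) pairs the script names, lower-cased for matching."""
    files, keys = [], {}          # keys: registry key -> value names listed under it
    section = key = None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "files":
            files.append(line.lower())
        elif section == "reg" and line.startswith("["):
            key = line[1:-1].lower()
            keys.setdefault(key, [])
        elif section == "reg" and key:
            m = re.match(r'^"(.+)"=-$', line)
            if m:
                keys[key].append(m.group(1).lower())
    targets = [("file", f) for f in files]
    for key, values in keys.items():
        if values:                # key only scopes the listed values
            targets += [("value", key + "\\" + v) for v in values]
        else:                     # bare key line: the key itself is the target
            targets.append(("key", key))
    return targets


def parse_log(text):
    """Map (kind, target) -> outcome phrases in the order the log reports them."""
    outcomes = {}
    for line in (l.strip() for l in text.splitlines()):
        m = REG_RE.match(line)
        if m:
            kind, path, result = m.groups()
            # The log joins key and value name with a doubled backslash.
            path = path.replace("\\\\", "\\").rstrip("\\").lower()
            outcomes.setdefault((kind, path), []).append(result)
            continue
        m = FILE_RE.match(line)
        if m:
            outcomes.setdefault(("file", m.group(1).lower()), []).append(m.group(2))
    return outcomes


def reconcile(script, log):
    """One row per script target: (kind, target, final outcome, earlier notes)."""
    outcomes = parse_log(log)
    report = []
    for target in parse_script(script):
        seen = outcomes.get(target, [])
        final = seen[-1] if seen else "no outcome logged"
        report.append((target[0], target[1], final, seen[:-1]))
    return report


def needs_review(report):
    """Targets with no logged outcome, or with a logged failure before the final one."""
    return [(kind, tgt) for kind, tgt, final, notes in report
            if final == "no outcome logged" or "NOT unregistered" in notes]


if __name__ == "__main__":
    for row in reconcile(FIX_SCRIPT, RESULT_LOG):
        print(row)
    print("review:", needs_review(reconcile(FIX_SCRIPT, RESULT_LOG)))
```

On this excerpt it flags configex.dll, which the log reports as NOT unregistered before the move, and the bare Explorer\{02d6cf25-...} key, for which the posted result log contains no line.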

Hello

Print or save these instructions, as you will follow them without internet access.

Delete the folders:

c:\windows\system32\CF32486.exe <- this file

c:\windows\system32\CF29733.exe <- this file

C:\ComboFix <- this folder

Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup).

Now run ComboFix and then paste the result.


Even in Safe Mode and after deleting those items, the blue screen error still occurs.

Regards

Fazin.:wacko:


Ok,

Let's use another tool to get more information about what is going on in your computer.

  • Download RSIT - random's system information tool by random/random and save it to your desktop.
  • Double-click RSIT.exe to run the tool.
  • In the window that opens (disclaimer), click Continue.
  • When the tool finishes running, it will open a Notepad document containing the scan result. Please paste the contents of that log (log.txt) in your next reply.
  • Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt

Thank you


Ok, here are the logs:

Logfile of random's system information tool 1.04 (written by random/random)

Run by DESKTOP at 2008-12-05 14:47:49

Microsoft Windows XP Professional Service Pack 2

System drive C: has 10 GB (17%) free of 57 GB

Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:47, on 2008-12-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\DESKTOP\Desktop\RSIT.exe

c:\HiJackThis\DESKTOP.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\vestibular\PDFX3\PDF-XChange 3 Pro\PDF-XChange PDF Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171423742953

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB51EC3-F2FB-4794-BC3D-02684895A1B9}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{1DB51EC3-F2FB-4794-BC3D-02684895A1B9}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11544 bytes


======Scheduled tasks folder======

C:\WINDOWS\tasks\startt.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]

HP Print Clips - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-11-29 337992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]

PDF-XChange Viewer IE-Plugin - C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\vestibular\PDFX3\PDF-XChange 3 Pro\PDF-XChange PDF Viewer\pdf-viewer\PDFXCviewIEPlugin.dll [2008-08-31 1099032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"=C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe [2008-10-16 590848]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-07 8523776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe [2003-11-17 176640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Arquivos de programas\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]

C:\Arquivos de programas\Advanced Registry Optimizer\aro.exe -rem []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]

C:\WINDOWS\CameraFixer.exe [2005-10-03 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

G:\PROGRAMAS\Corel Photo Downloader.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless G DWA-110]

C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe [2007-05-04 1662976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe [2007-08-04 1056552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe [2005-04-15 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2007-12-07 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2007-12-07 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck]

C:\WINDOWS\system32\gzmrt.dll DllStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\qttask.exe [2006-08-26 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe [2007-08-04 2043688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

C:\WINDOWS\system32\{872a266d-9261-99a6-fad7-5bae242ff88a}.dll DllInit []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]

C:\WINDOWS\system32\sw20.exe [2006-01-02 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]

C:\WINDOWS\system32\sw24.exe [2006-01-02 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTray]

C:\ARQUIV~1\ENUTV\TVTray.exe [2007-04-26 700416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\AutoDetector\monitor.exe [2005-05-23 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_7 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Arquivos de programas\Winamp\winampa.exe [2008-08-03 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{02629de2-8f71-e015-a946-a1f42a144afe}]

C:\WINDOWS\system32\{872a266d-9261-99a6-fad7-5bae242ff88a}.dll DllStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-11-10 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Synchronizer.lnk]

C:\ARQUIV~1\Adobe\ACROBA~2.0\Acrobat\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

C:\ARQUIV~1\ARQUIV~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-04-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

C:\ARQUIV~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KYESCAN.lnk]

C:\ARQUIV~1\ScannerU\KYESCAN.exe [2004-02-29 188416]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-11-29 337992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll [2008-09-26 378792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-11-29 337992]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=149

"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Arquivos de programas\BitTorrent\btdownloadgui.exe"="C:\Arquivos de programas\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"

"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares"

"C:\Arquivos de programas\Valve\hl.exe"="C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Arquivos de programas\mIRC\mirc.exe"="C:\Arquivos de programas\mIRC\mirc.exe:*:Enabled:mIRC"

"C:\Arquivos de programas\Valve\hlds.exe"="C:\Arquivos de programas\Valve\hlds.exe:*:Enabled:HLDS Launcher"

"C:\Arquivos de programas\SecondLife\SecondLife.exe"="C:\Arquivos de programas\SecondLife\SecondLife.exe:*:Enabled:Second Life"

"C:\Arquivos de programas\Valve\Steam\SteamApps\fazin_passos\counter-strike\hl.exe"="C:\Arquivos de programas\Valve\Steam\SteamApps\fazin_passos\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\Tibia\TibiCAM.exe"="C:\Arquivos de programas\Tibia\TibiCAM.exe:*:Enabled:TibiCAM"

"D:\Músicas\musicas\LimeWire\LimeWire.exe"="D:\Músicas\musicas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Valve\Steam\Steam.exe"="C:\Arquivos de programas\Valve\Steam\Steam.exe:*:Enabled:Steam"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe"="C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgemc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\Valve\Steam\SteamApps\fazin_passos\dedicated server\hlds.exe"="C:\Arquivos de programas\Valve\Steam\SteamApps\fazin_passos\dedicated server\hlds.exe:*:Enabled:HLDS Launcher"

"C:\Arquivos de programas\CyberScript32\CyberScript.exe"="C:\Arquivos de programas\CyberScript32\CyberScript.exe:*:Enabled:mIRC"

"C:\Arquivos de programas\Valve\Steam\SteamApps\fazin_passos\condition zero\hl.exe"="C:\Arquivos de programas\Valve\Steam\SteamApps\fazin_passos\condition zero\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Arquivos de programas\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Arquivos de programas\Nero\Nero8\Nero Home\NeroHome.exe:*:Disabled:Nero Home"

"C:\Arquivos de programas\TightVNC\WinVNC.exe"="C:\Arquivos de programas\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"

"C:\Arquivos de programas\Steam\steamapps\fazin_passos\counter-strike\hl.exe"="C:\Arquivos de programas\Steam\steamapps\fazin_passos\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"

"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"

"C:\Arquivos de programas\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Arquivos de programas\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"

"C:\Arquivos de programas\Winamp Remote\bin\Orb.exe"="C:\Arquivos de programas\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"

"C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe"="C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme"="C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme:*:Enabled:GunBound"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a487287-6185-11dd-b3d1-0017311993d3}]

shell\AutoRun\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b582d500-eed4-11dc-b23c-0017311993d3}]

shell\AutoRun\command - rs.cmd

shell\explore\command - rs.cmd

shell\open\command - rs.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57e2b51-2c49-11dd-b31c-0017311993d3}]

shell\AutoRun\command - J:\30ed3.exe

shell\explore\command - J:\30ed3.exe

shell\open\command - J:\30ed3.exe

======List of files/folders created in the last 3 months======

2008-12-05 14:47:49 ----D---- C:\rsit

2008-12-05 11:26:32 ----D---- C:\ComboFix

2008-12-05 11:26:31 ----A---- C:\WINDOWS\system32\CF22587.exe

2008-12-05 11:12:20 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-05 10:09:05 ----D---- C:\_OTMoveIt

2008-12-05 00:54:06 ----A---- C:\WINDOWS\zip.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\VFIND.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\SWSC.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\SWREG.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\sed.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\NIRCMD.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\grep.exe

2008-12-05 00:54:06 ----A---- C:\WINDOWS\fdsv.exe

2008-12-05 00:50:58 ----ASH---- C:\BOOT.BAK

2008-12-05 00:50:37 ----RSHD---- C:\cmdcons

2008-12-05 00:50:37 ----A---- C:\WINDOWS\UPGRADE.TXT

2008-12-05 00:50:20 ----D---- C:\WINDOWS\setup.pss

2008-12-05 00:34:35 ----D---- C:\WINDOWS\ERDNT

2008-12-05 00:34:35 ----D---- C:\Qoobox

2008-12-03 22:32:32 ----D---- C:\Arquivos de programas\Picasa2

2008-11-30 14:14:59 ----A---- C:\WINDOWS\gmer.ini

2008-11-30 14:14:58 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-30 14:14:58 ----A---- C:\WINDOWS\gmer.exe

2008-11-30 14:14:58 ----A---- C:\WINDOWS\gmer.dll

2008-11-29 23:23:03 ----SH---- C:\WINDOWS\system32\MEGATRON.ini

2008-11-15 21:36:12 ----SHD---- C:\FOUND.029

2008-11-10 13:33:51 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe

2008-11-10 13:33:51 ----A---- C:\WINDOWS\system32\NPSWF32.dll

2008-11-10 13:30:03 ----D---- C:\Arquivos de programas\Bonjour

2008-11-10 13:27:18 ----D---- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-11-10 13:20:43 ----A---- C:\WINDOWS\CD_Start.INI

2008-11-04 22:31:27 ----A---- C:\WINDOWS\IsUn0416.exe

2008-11-02 13:58:31 ----D---- C:\Arquivos de programas\SopCast

2008-11-02 13:58:12 ----D---- C:\Arquivos de programas\Megacubo

2008-11-02 10:07:13 ----D---- C:\Arquivos de programas\OnGame

2008-10-19 01:28:20 ----SHD---- C:\FOUND.028

2008-10-18 10:48:38 ----D---- C:\Arquivos de programas\vestgame

2008-10-17 08:29:16 ----A---- C:\WINDOWS\system32\hidserv.dll

2008-10-07 20:00:39 ----A---- C:\WINDOWS\system32\cont_dcads-remove.exe

2008-09-28 09:26:35 ----D---- C:\Arquivos de programas\Winamp Remote

2008-09-27 12:51:44 ----A---- C:\WINDOWS\system32\pxc25pm.dll

2008-09-27 12:51:18 ----A---- C:\WINDOWS\system32\unicows.dll

2008-09-08 18:41:14 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of files/folders modified in the last 3 months======

2008-12-05 11:23:44 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-05 00:51:02 ----RASH---- C:\boot.ini

2008-12-03 22:40:22 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-21 17:21:32 ----A---- C:\WINDOWS\Pex.INI

2008-11-20 19:23:58 ----A---- C:\WINDOWS\GECKOS.INI

2008-11-15 13:49:46 ----A---- C:\WINDOWS\win.ini

2008-11-14 19:07:04 ----A---- C:\WINDOWS\system.ini

2008-10-22 12:29:20 ----A---- C:\WINDOWS\SCNDRVU.INI

2008-10-22 12:15:16 ----A---- C:\kye.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; \??\C:\WINDOWS\system32\drivers\AsIO.sys []

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-12-22 821856]

R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-12-22 4224]

R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-12-22 27776]

R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-22 10760]

R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-06-13 15232]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-08-04 38952]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]

R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []

R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-12-22 4960]

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-01-27 9728]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-28 63232]

R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-28 55936]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2323072]

R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2003-11-17 21376]

R3 Arp1394;Protocolo cliente 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-21 176128]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]

R3 NIC1394;Driver de rede 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-07 7435648]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]

R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-08-04 125224]

S1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-08-04 40488]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S2 bsaspi32;bsaspi32; C:\WINDOWS\system32\drivers\bsaspi32.sys []

S3 61883;Dispositivo de unidade 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]

S3 Avc;Dispositivo AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 ddsxeiservice;ddsxeiservice2; \??\C:\Arquivos de programas\sXe Injected\ddsxei.sys []

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-30 85969]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys []

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys []

S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys []

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 MPE;Filtro BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\ARQUIV~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]

S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []

S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []

S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2006-12-21 429440]

S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-07-28 136576]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 tgiul50;tgiul50; C:\WINDOWS\system32\DRIVERS\tgiulnt5.sys [2001-08-17 138528]

S3 TridVid;ENUTV; C:\WINDOWS\system32\DRIVERS\TridVid.sys [2005-12-28 108544]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

Continued...


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWZCSdService;ANIWZCSd Service; C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe [2007-12-22 418816]

R2 Avg7UpdSvc;AVG7 Update Service; C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe [2007-12-22 49664]

R2 AVGEMS;AVG E-mail Scanner; C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe [2007-12-22 406528]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 hpqddsvc;Serviço de Descoberta de dispositivos CUE HP; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe [2007-08-04 1440040]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-07 155716]

R2 NWCWorkstation;Serviço de cliente para NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-08-31 69632]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-10 654848]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 stllssvr;stllssvr; C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe [2007-05-03 74656]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-05 14:48:02

======Uninstall list======

-->C:\ARQUIV~1\ASSIST~1\Uninstall.exe telefonica

-->C:\Arquivos de programas\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Arquivos de programas\USBToolbox\setup.exe

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

98SE-->"C:\Arquivos de programas\initio\unins000.exe"

Add or Remove Adobe Creative Suite 3 Web Premium-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\247961ef275e20c5cb073c36394ac32\Setup.exe

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{C347D234-93D8-4595-BDAA-C04638B23B48}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}

Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop 7.0-->C:\WINDOWS\ISUN0416.EXE -f"C:\Arquivos de programas\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Arquivos de programas\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Setup-->MsiExec.exe /I{6A5D1A94-624A-4D20-B178-3A283B500370}

Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Adssite Games Collection-->C:\Arquivos de programas\Adssite Games Collection\uninstall.exe

AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

ANIO Service-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"

ANIWZCS2 Service-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"

AnyDVD-->"C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Arquivos de programas\SlySoft\AnyDVD"

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente Técnico Speedy-->C:\WINDOWS\Motive\telefonica\MCCUninst.exe

Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização para Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Atualização para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Atualização para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Atualização para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Atualização para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Atualização para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Atualização para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Atualização para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Atualização para Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Atualização para Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Atualização para Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Atualização para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Atualização para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

AVG 7.5-->C:\Arquivos de programas\Grisoft\AVG7\setup.exe /UNINSTALL

Browser Optimizer Dcads-->C:\WINDOWS\system32\dcads-remove.exe

Combat Arms-->"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US

Contextual Tool Dcads-->C:\WINDOWS\system32\cont_dcads-remove.exe

Counter-Strike 1.6-->C:\Arquivos de programas\Valve\Desinstalar.exe

Counter-Strike 1.6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9

Counter-Strike-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}

Counter-Strike-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/10

CyberScript v3.2-->"C:\Arquivos de programas\CyberScript32\unins000.exe"

Dcads Games Collection-->C:\Arquivos de programas\Dcads Games Collection\uninstall.exe

DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf

D-Link Wireless G DWA-110-->C:\Arquivos de programas\InstallShield Installation Information\{5F753314-628E-4C13-B8AE-BFA7FD514CBE}\setup.exe -runfromtemp -l0x0816 -removeonly

Enhancement Browser Tools Rightonadz-->C:\WINDOWS\system32\rightonadz-uninst.exe

Enhancement Browser Tools Superiorads-->C:\WINDOWS\system32\widtuomsytzh.exe

ENUTV-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{7B17FD8F-80AD-4935-8430-7930CE0FBDBA}\setup.exe" -l0x9 -removeonly

Garmin MapSource-->MsiExec.exe /X{5AB07385-ECE4-4CC6-886F-90669F2CB796}

Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}

Garmin Training Center 3.2.3-->MsiExec.exe /X{561F6A76-DCB0-11DB-8314-0800200C9A66}

Genius Scanner-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CCEB2144-5F5D-49E8-AADC-05CA48AE9AA5}\setup.exe"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe"

GunboundWC-->"C:\Arquivos de programas\OnGame\unins000.exe"

HijackThis 2.0.2-->"c:\HiJackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Customer Participation Program 9.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 9.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential 2.01-->C:\Arquivos de programas\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Photosmart Printer Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\{47253C9A-7269-4be7-8BFE-50470F6897FE}\setup\hpzscr01.exe -datfile hposcr16.dat

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

Intel® PRO Network Connections Drivers-->Prounstl.exe

InterVideo DVDCopy-->"C:\Arquivos de programas\InstallShield Installation Information\{DD28F8FE-CC0B-47BD-A833-CBBC19D6A8E2}\setup.exe" --u:{DD28F8FE-CC0B-47BD-A833-CBBC19D6A8E2}

IRPF2007 - Declaração de Ajuste Anual-->C:\ARQUIV~1\PROGRA~1\IRPF2007\UNWISE.EXE C:\ARQUIV~1\PROGRA~1\IRPF2007\INSTALL.LOG

IRPF2008 - Declaração de Ajuste Anual-->C:\ARQUIV~1\PROGRA~2\IRPF2008\UNWISE.EXE C:\ARQUIV~1\PROGRA~2\IRPF2008\INSTALL.LOG

IRPF2008 Windows - Declaração de Ajuste Anual-->C:\ARQUIV~1\PROGRA~2\IRPF20~1\UNWISE.EXE C:\ARQUIV~1\PROGRA~2\IRPF20~1\INSTALL.LOG

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

JBatch It! v4.57-->"C:\Arquivos de programas\JBatch It! 4\unins000.exe"

Luxor -->"C:\Arquivos de programas\Atrativa Games\Luxor\uninstall.exe"

MediaRECOVER Lite-->C:\WINDOWS\unvise32.exe g:\programas\MediaRECOVER Lite\uninstal.log

Megacubo 5.0.8-->"C:\Arquivos de programas\Megacubo\unins000.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

mIRC-->"C:\Arquivos de programas\CyberScript32\CyberScript.exe" -uninstall

Morpheus Photo Morpher v3.01-->"G:\PROGRAMAS\Morpheus Photo Morpher\unins000.exe"

Motorola Driver Installation-->MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}

Mozilla Firefox (3.0.4)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MP3 Player Utilities 3.68-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1046}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

PC Camera-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{02BD1C19-5946-4420-BAE3-F742686B3D43} /l2070

PC Probe II-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

PDF-Viewer-->"C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\vestibular\PDFX3\PDF-XChange 3 Pro\PDF-XChange PDF Viewer\unins000.exe"

PDF-XChange 3 Pro-->"C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\vestibular\PDFX3\PDF-XChange 3 Pro\unins000.exe"

Picasa 2-->"C:\Arquivos de programas\Picasa2\Uninstall.exe"

PokerStars-->"C:\Arquivos de programas\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

Presto! ImageFolio 4.2-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{783033B0-D8E6-11D5-9293-0050BA073EEC}\setup.EXE" -l0x816

Presto! Mr. Photo-->C:\WINDOWS\IsUn0816.exe -f"C:\Arquivos de programas\NewSoft\MrPhoto16\DeIsL1.isu"

Prince of Persia Warrior Within-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EE5BC0BB-9EDA-423C-8276-48857B735D68}\Setup.exe" -l0x9

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Realtek AC'97 Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x416 -removeonly

Receitanet 2008-->C:\WINDOWS\DesinstRecnet.exe

Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Search Assistant Mysidesearch-->C:\WINDOWS\system32\sgwzatmpdwpnryy.dll-uninst.exe

Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Skype 2.5-->"C:\Arquivos de programas\Skype\Phone\unins000.exe"

SmartSound Quicktracks Plugin-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

Socialnetworking Helper Adssite-->C:\WINDOWS\system32\AdssiteSocial-uninstall.exe

Socialnetworking Helper Dcads-->C:\WINDOWS\system32\DcadsSocial-uninstall.exe

Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}

Sony Sound Forge 9.0-->MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}

SopCast 3.0.3-->C:\Arquivos de programas\SopCast\uninst.exe

Speedy-->C:\Arquivos de programas\Telefonica\Speedy\Uninstal.exe

Spybot - Search & Destroy 1.4-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins001.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

sXe Injected-->"C:\Arquivos de programas\sXe Injected\uninstall.exe"

Tengwar Scribe-->C:\ARQUIV~1\TENGSC~1\UNWISE.EXE C:\ARQUIV~1\TENGSC~1\INSTALL.LOG

The Sims 2-->C:\Arquivos de programas\EA GAMES\The Sims 2\EAUninstall.exe

Tibia-->"C:\Arquivos de programas\Tibia\unins000.exe"

TibiaBot NG 4.7.9-->"C:\Arquivos de programas\TibiaBot NG\unins000.exe"

Tracksource Roteável Complementar - 5.04 2008-03-16-->"C:\Arquivos de programas\Tracksource\TRC-Sudeste\unins000.exe"

Tracksource Roteável Complementar - 5.04a 2008-03-29-->"C:\Arquivos de programas\Tracksource\TRC-Brasil\unins000.exe"

Tracksource Roteável Integrado 5.04-->"C:\Arquivos de programas\Tracksource\Teste\TRI\unins000.exe"

Tracksource Roteável Rodoviário 5.02-->"C:\Arquivos de programas\Tracksource\Rodoviario\unins000.exe"

Tracksource Roteável Urbano - 2008-01-6-->"C:\Arquivos de programas\Tracksource\TRU-Brasil\unins000.exe"

Ulead COOL 360-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{AC1FBAF2-2B8D-4E9D-B881-37D1A52E77C5}\setup.exe" -l0x9

Ulead Photo Explorer 8.6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\setup.exe" -l0x9

Ulead PhotoImpact 11-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{C8550C86-A712-4219-AD4C-038C9FD1D149}\setup.exe" -l0x9

Ulead VideoStudio 9.0-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\setup.exe" -l0x9

UOL Fone-->C:\Arquivos de programas\UOL\UOLFone\UOLFone.exe -d

USB Mass Storage Toolbox-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{62B002C5-1AB3-11D8-8092-00E018B21FC0}\Setup.exe"

USB PC Camera Plus-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9

USB Vibration Joystick-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{BA12FD6C-169A-11D7-A6A9-00C026281E5A}\setup.exe" -l0x9

Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"

WinAVIVideoConverter-->"C:\Arquivos de programas\WinAVIVideoConverter\unins000.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinHex-->C:\Arquivos de programas\WinHex\WinHex.exe uninst

WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}

World Of Kungfu client 1.0.36-->C:\Arquivos de programas\vestgame\wokf\uninst.exe

XP Codec Pack-->C:\Arquivos de programas\XP Codec Pack\Uninstall.exe

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com

O2 - BHO: dcads - {02d6cf25-12b4-25d4-9650-9bb05537abd5} - C:\WINDOWS\system32\nswC.dll

O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll

O2 - BHO: mysidesearch browser optimizer - {6abf038a-1de9-5137-ed28-dc9c34deb231} - C:\WINDOWS\system32\{6454fc2d-ea9b-8e13-9185-302941ad324c}.dll (file missing)

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsb371.dll (file missing)

O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: superiorads browser optimizer - {d68b6262-fa49-5bda-7d6e-9940862a1730} - C:\WINDOWS\system32\mqftqkxqhnskvoi.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [lsass47.exe] C:\WINDOWS\system32\lsass47.exe

O4 - HKLM\..\Run: [{02629de2-8f71-e015-a946-a1f42a144afe}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\mqftqkxqhnskvoi.dll" DllStart

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Google Update Service (gupdate1c8e3e5b5320cd2) (gupdate1c8e3e5b5320cd2) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O2 - BHO: rightonadz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll (file missing)

O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Arquivos de programas\Google\Update\1.2.131.11\GoopdateBho.dll

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: AVG 7.5.552

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0403

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Regards,

Fazin.


Hello

Double-click the otmi3desktopicon.png icon on your desktop.

Copy the text below, inside the "Code" box, and paste it into the area under pasteline.png:


:processes
explorer.exe
:files
C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\{872a266d-9261-99a6-fad7-5bae242ff88a}.dll
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{02629de2-8f71-e015-a946-a1f42a144afe}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a487287-6185-11dd-b3d1-0017311993d3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b582d500-eed4-11dc-b23c-0017311993d3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57e2b51-2c49-11dd-b31c-0017311993d3}]
:commands
[EmptyTemp]
[Reboot]

Now click the btnmoveit.png button.

If a prompt to restart the computer appears, do so.

In your next reply, copy and paste all the content shown in results.png.

Also generate and paste a new DDS log.

If the computer restarted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter. Browse to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.


Sorry for the delay, here are the logs:

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\system32\gzmrt.dll not found.

File/Folder C:\WINDOWS\system32\{872a266d-9261-99a6-fad7-5bae242ff88a}.dll not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{02629de2-8f71-e015-a946-a1f42a144afe}\\ deleted successfully.

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a487287-6185-11dd-b3d1-0017311993d3}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b582d500-eed4-11dc-b23c-0017311993d3}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57e2b51-2c49-11dd-b31c-0017311993d3}\\ deleted successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_124015

Now the new DDS log:

DDS (Version 1.0) - FAT32x86

Run by DESKTOP at 12:44:19.18 on 2008-12-07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2047.1581 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\pc\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {0347C33E-8762-4905-BF09-768834316C61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll

BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquiv~1\gbplugin\gbiehabn.dll

BHO: {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - c:\documents and settings\desktop\meus documentos\fabricio\vestibular\pdfx3\pdf-xchange 3 pro\pdf-xchange pdf viewer\pdf-viewer\PDFXCviewIEPlugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVG7_CC] c:\arquiv~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [AVG7_Run] c:\arquiv~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\arquivos de programas\assistente tecnico speedy\bin\matcli.exe

IE: Append to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehabn.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: __GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehabn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquiv~1\gbplugin\gbiehabn.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

S2 bsaspi32;bsaspi32; []

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sxe injected\ddsxei.sys [2008-7-7 43392]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys []

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys []

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []

S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [2008-3-9 138528]

S3 TridVid;ENUTV;c:\windows\system32\drivers\TridVid.sys [2007-11-29 108544]

=============== Created Last 30 ================

2008-12-05 15:13 38 a------- c:\windows\AviSplitter.INI

2008-12-05 15:12 54,156 a---h--- c:\windows\QTFont.qfn

2008-12-05 15:12 1,409 a------- c:\windows\QTFont.for

2008-12-05 11:26 <DIR> --d----- C:\ComboFix

2008-12-05 11:26 400,384 a------- c:\windows\system32\CF22587.exe

2008-12-05 10:09 <DIR> --d----- C:\_OTMoveIt

2008-12-05 00:54 161,792 a------- c:\windows\SWREG.exe

2008-12-05 00:54 98,816 a------- c:\windows\sed.exe

2008-12-05 00:50 <DIR> --dshr-- C:\cmdcons

2008-12-05 00:50 <DIR> --d----- c:\windows\setup.pss

2008-12-03 22:32 <DIR> --d----- c:\arquivos de programas\Picasa2

2008-11-30 14:14 250 a------- c:\windows\gmer.ini

2008-11-29 23:23 0 ---sh--- c:\windows\system32\MEGATRON.ini

2008-11-15 21:36 <DIR> --dsh--- C:\FOUND.029

2008-11-10 13:33 2,463,976 a------- c:\windows\system32\NPSWF32.dll

2008-11-10 13:33 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe

2008-11-10 13:30 <DIR> --d----- c:\arquivos de programas\Bonjour

2008-11-10 13:27 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2008-11-10 13:20 32 a------- c:\windows\CD_Start.INI

==================== Find3M ====================

2008-11-29 22:28 53,966 a------- c:\windows\system32\cont_dcads-remove.exe

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\SopCast

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\Megacubo

2008-11-02 10:07 <DIR> --d----- c:\arquivos de programas\OnGame

2008-10-18 10:48 <DIR> --d----- c:\arquivos de programas\vestgame

2008-07-18 13:09 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NexonUS

2008-06-27 21:24 <DIR> --d----- c:\docume~1\desktop\dadosd~1\uTorrent

2008-05-14 22:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\WEBREG

2008-05-11 23:14 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2008-03-30 21:57 <DIR> --d----- c:\docume~1\desktop\dadosd~1\GARMIN

2008-03-09 00:02 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Babylon

2008-03-09 00:02 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Babylon

2008-02-02 20:26 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Morpheus Software

2008-02-02 20:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Corel

2007-12-22 12:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Grisoft

2007-11-19 06:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2007-10-31 14:05 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Publish Providers

2007-10-31 13:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony

2007-10-31 13:41 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony Setup

2007-09-23 22:07 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Adssite Advanced Toolbar

2007-09-23 20:40 <DIR> --d----- c:\docume~1\desktop\dadosd~1\LimeWire

2007-09-14 17:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Windows Live Toolbar

2007-08-01 11:12 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Tibia

2007-05-21 00:50 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AdobeAUM

2007-05-12 14:09 <DIR> --d----- c:\docume~1\desktop\dadosd~1\MusicIP

2007-02-07 17:22 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AVG7

2007-02-07 17:22 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg7

2007-02-06 01:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2007-01-20 23:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2006-12-24 22:25 <DIR> --d----- c:\docume~1\desktop\dadosd~1\SecondLife

2006-12-17 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\POPWWPROFILES

2006-12-05 12:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ahead

2006-11-19 00:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\.bittorrent

2006-09-11 22:04 <DIR> --d----- c:\docume~1\desktop\dadosd~1\UOL

2006-09-11 22:04 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UOL

2006-09-08 22:36 <DIR> --d----- c:\docume~1\desktop\dadosd~1\NewSoft

2006-09-08 22:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Newsoft

2006-08-26 21:53 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Ulead Systems

2006-08-26 21:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SmartSound Software Inc

2008-02-02 20:58 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-02-02 20:06 8 ---shr-- c:\windows\system32\A2833A862F.sys

2008-02-10 01:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\dados de aplicativos\microsoft\feeds cache\index.dat

============= FINISH: 12:44:41.98 ===============

The yoog search problem still remains.

Awaiting your reply.

Regards,

Fazin.:rolleyes:


Hello,

Download ATF-Cleaner.

  • Click ATF-Cleaner.exe.
  • Under "Select Files To Delete", check Select All.
  • Click Empty Selected.
  • In the Done Cleaning window, click OK and then Exit.

Note: if you use Firefox:

  • At the top, click Firefox and choose: Select All
  • Then click Empty Selected.

Note: if you use Opera:

  • At the top, click Opera and choose: Select All
  • Then click Empty Selected.

Temporarily disable your antivirus!

Run an online scan with Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX, click Clipboard015.jpg
  • Wait for the installation and the update, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Please be patient and wait.
  • When the scan finishes, click the Save as Text button.
  • Save the log with the results and paste it into your next message.
  • Also generate and paste a new HijackThis log.

Regards


Kaspersky:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, December 9, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, December 09, 2008 13:41:29

Records in database: 1447097

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Files scanned: 145725

Threat name: 13

Infected objects: 22

Suspicious objects: 0

Duration of the scan: 01:35:12

File name / Threat name / Threats count

C:\Arquivos de programas\Mozilla Firefox\components\nsBrowserCmp.dll/C:\Arquivos de programas\Mozilla Firefox\components\nsBrowserCmp.dll Infected: Trojan.Win32.Vapsup.lsp 1

C:\WINDOWS\system32\nse16.dll Infected: not-a-virus:AdWare.Win32.Agent.zn 1

C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\pc\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asu 1

C:\Documents and Settings\DESKTOP\Dados de aplicativos\Ahead\Nero BackItUp\Files\i_bpk_lite.exe Infected: not-a-virus:Monitor.Win32.Perflogger.dv 1

C:\Documents and Settings\DESKTOP\Dados de aplicativos\Ahead\Nero BackItUp\Files\i_bpk_lite.exe Infected: not-a-virus:Monitor.Win32.Perflogger.a 2

C:\Arquivos de programas\CyberScript32\CyberScript.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

C:\Arquivos de programas\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1

C:\Arquivos de programas\webHancer\whAgent_update.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 1

C:\Arquivos de programas\webHancer\whAgent_update.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 3

C:\Arquivos de programas\Mozilla Firefox\components\nsBrowserCmp.dll Infected: Trojan.Win32.Vapsup.lsp 1

C:\HiJackThis\backups\backup-20080830-110208-665.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awu 1

C:\_OTMoveIt\MovedFiles\12052008_100905\windows\system32\msshell.exe Infected: Trojan-Banker.Win32.Banbra.fbt 1

C:\_OTMoveIt\MovedFiles\12052008_100905\windows\system32\msne.exe Infected: Trojan-Banker.Win32.Agent.f 1

C:\_OTMoveIt\MovedFiles\12052008_100905\windows\system32\wscntfx.exe Infected: Trojan-Banker.Win32.Banker.abac 1

H:\FABRICIO\Fa-musicas\Fabricio-Meus documentos\i_bpk_lite.exe Infected: not-a-virus:Monitor.Win32.Perflogger.dv 1

H:\FABRICIO\Fa-musicas\Fabricio-Meus documentos\i_bpk_lite.exe Infected: not-a-virus:Monitor.Win32.Perflogger.a 2

H:\FABRICIO\Fabricio\CyberScript32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

H:\FABRICIO\Fazin\CyberScript32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

The selected area was scanned.

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57, on 2008-12-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

c:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\vestibular\PDFX3\PDF-XChange 3 Pro\PDF-XChange PDF Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171423742953

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB51EC3-F2FB-4794-BC3D-02684895A1B9}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{1DB51EC3-F2FB-4794-BC3D-02684895A1B9}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11650 bytes


Hello,

Click Start -> My Computer

Then Tools -> Folder Options

Select the View tab

Uncheck:

  • Hide protected operating system files (recommended)
Check:
  • Show hidden files and folders

If a warning message appears, click Yes

Click Apply and then OK

Using Windows Explorer, find and delete the following files and folders:

Note: If you cannot find any of the files or folders, continue with the remaining instructions.

C:\WINDOWS\system32\nse16.dll <- the file

C:\Documents and Settings\DESKTOP\Dados de aplicativos\Ahead\Nero BackItUp\Files\i_bpk_lite.exe <- the file

H:\FABRICIO\Fa-musicas\Fabricio-Meus documentos\i_bpk_lite.exe <- the file

C:\Arquivos de programas\webHancer <- the FOLDER

Example:

To delete the file C:\WINDOWS\malware.exe

Double-click My Computer, or press the Windows key + E at the same time.

Double-click Local Disk (C:\)

Double-click the Windows folder,

Right-click malware.exe and, in the menu that opens, choose Delete

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the OTCleanIt icon
  • Click the "Cleanup" button
  • Allow your computer to restart.

Generate and paste a DDS log and tell us how your PC is doing now.


DDS (Version 1.0) - FAT32x86

Run by DESKTOP at 11:59:45.21 on 2008-12-10

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2047.1564 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\pc\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {0347C33E-8762-4905-BF09-768834316C61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll

BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquiv~1\gbplugin\gbiehabn.dll

BHO: {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - c:\documents and settings\desktop\meus documentos\fabricio\vestibular\pdfx3\pdf-xchange 3 pro\pdf-xchange pdf viewer\pdf-viewer\PDFXCviewIEPlugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVG7_CC] c:\arquiv~1\grisoft\avg7\avgcc.exe /STARTUP

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [AVG7_Run] c:\arquiv~1\grisoft\avg7\avgw.exe /RUNONCE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\arquivos de programas\assistente tecnico speedy\bin\matcli.exe

IE: Append to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {1DB51EC3-F2FB-4794-BC3D-02684895A1B9} = 200.204.0.10 200.204.0.138

Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehabn.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: __GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehabn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquiv~1\gbplugin\gbiehabn.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

S2 bsaspi32;bsaspi32; []

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sxe injected\ddsxei.sys [2008-7-7 43392]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys []

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys []

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []

S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [2008-3-9 138528]

S3 TridVid;ENUTV;c:\windows\system32\drivers\TridVid.sys [2007-11-29 108544]

=============== Created Last 30 ================

2008-12-09 00:37 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Dev-Cpp

2008-12-09 00:37 <DIR> --d----- C:\Dev-Cpp

2008-12-07 17:26 <DIR> --d----- C:\drivers

2008-12-05 15:13 38 a------- c:\windows\AviSplitter.INI

2008-12-05 15:12 54,156 a---h--- c:\windows\QTFont.qfn

2008-12-05 15:12 1,409 a------- c:\windows\QTFont.for

2008-12-05 11:26 400,384 a------- c:\windows\system32\CF22587.exe

2008-12-05 00:50 <DIR> --dshr-- C:\cmdcons

2008-12-05 00:50 <DIR> --d----- c:\windows\setup.pss

2008-12-03 22:32 <DIR> --d----- c:\arquivos de programas\Picasa2

2008-11-29 23:23 0 ---sh--- c:\windows\system32\MEGATRON.ini

2008-11-15 21:36 <DIR> --dsh--- C:\FOUND.029

2008-11-10 13:33 2,463,976 a------- c:\windows\system32\NPSWF32.dll

2008-11-10 13:33 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe

2008-11-10 13:30 <DIR> --d----- c:\arquivos de programas\Bonjour

2008-11-10 13:27 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2008-11-10 13:20 32 a------- c:\windows\CD_Start.INI

==================== Find3M ====================

2008-11-29 22:28 53,966 a------- c:\windows\system32\cont_dcads-remove.exe

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\SopCast

2008-11-02 13:58 <DIR> --d----- c:\arquivos de programas\Megacubo

2008-11-02 10:07 <DIR> --d----- c:\arquivos de programas\OnGame

2008-10-18 10:48 <DIR> --d----- c:\arquivos de programas\vestgame

2008-07-18 13:09 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NexonUS

2008-06-27 21:24 <DIR> --d----- c:\docume~1\desktop\dadosd~1\uTorrent

2008-05-14 22:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\WEBREG

2008-05-11 23:14 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2008-03-30 21:57 <DIR> --d----- c:\docume~1\desktop\dadosd~1\GARMIN

2008-03-09 00:02 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Babylon

2008-03-09 00:02 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Babylon

2008-02-02 20:26 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Morpheus Software

2008-02-02 20:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Corel

2007-12-22 12:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Grisoft

2007-11-19 06:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2007-10-31 14:05 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Publish Providers

2007-10-31 13:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony

2007-10-31 13:41 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Sony Setup

2007-09-23 22:07 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Adssite Advanced Toolbar

2007-09-23 20:40 <DIR> --d----- c:\docume~1\desktop\dadosd~1\LimeWire

2007-09-14 17:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Windows Live Toolbar

2007-08-01 11:12 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Tibia

2007-05-21 00:50 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AdobeAUM

2007-05-12 14:09 <DIR> --d----- c:\docume~1\desktop\dadosd~1\MusicIP

2007-02-07 17:22 <DIR> --d----- c:\docume~1\desktop\dadosd~1\AVG7

2007-02-07 17:22 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg7

2007-02-06 01:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2007-01-20 23:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2006-12-24 22:25 <DIR> --d----- c:\docume~1\desktop\dadosd~1\SecondLife

2006-12-17 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\POPWWPROFILES

2006-12-05 12:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ahead

2006-11-19 00:52 <DIR> --d----- c:\docume~1\desktop\dadosd~1\.bittorrent

2006-09-11 22:04 <DIR> --d----- c:\docume~1\desktop\dadosd~1\UOL

2006-09-11 22:04 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UOL

2006-09-08 22:36 <DIR> --d----- c:\docume~1\desktop\dadosd~1\NewSoft

2006-09-08 22:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Newsoft

2006-08-26 21:53 <DIR> --d----- c:\docume~1\desktop\dadosd~1\Ulead Systems

2006-08-26 21:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SmartSound Software Inc

2008-02-02 20:58 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-02-02 20:06 8 ---shr-- c:\windows\system32\A2833A862F.sys

2008-02-10 01:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\dados de aplicativos\microsoft\feeds cache\index.dat

============= FINISH: 12:00:08.75 ===============

Firefox still has this "Yoog Search"; it stays as the default search, and even after I delete it in the upper right corner it reappears. That is what I can notice that is different.


Hello,

Go to this page (click here).

On that page, find the Registry Search Tool and download it.

Extract the file RegSrch.vbs from the zip file (RegSrch.zip) and save it to your desktop.

Now double-click RegSrch.vbs.

A box will appear; type yoog

Click "OK" to run the tool.

When it finishes, a new box will appear showing how many matches were found; click OK and the result will open in Notepad.

Copy that result and paste it into your next reply.


REGEDIT4

; RegSrch.vbs © Bill James

; Registry search results for string "yoog" 2008-12-13 12:55:53

; NOTE: This file will be deleted when you close WordPad.

; You must manually save this file to a new location if you want to refer to it again later.

; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EB01EA3F-CF1B-4BE3-8494-FB9C83C3AE47}]

"URL"="http://www2.yoog.com/search.php?q={searchTerms}"

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EB01EA3F-CF1B-4BE3-8494-FB9C83C3AE47}]

"DisplayName"="Yoog Search"

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it]

[HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\gyoogle.it\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogle.it\www]


Hello,

1. Make a backup of the registry.

  • Click Start, then Run, type: regedit and click OK.
  • At the top left, click My Computer (it becomes highlighted in blue).
  • Click File, then Export
  • Choose "Save as"... Registry Files
  • Enter the name: RegBackup
  • Save it in C:\
  • Exit the Registry Editor.

2. Click Start, then Run, type: Notepad and click OK.

  • Copy (Ctrl+C) and paste (Ctrl+V) the text below (starting with Windows Registry Editor Version 5.00), which is inside the CODE box, into Notepad.
  • Make sure you copy it into a Notepad file and not a WordPad one, otherwise it will not work.

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EB01EA3F-CF1B-4BE3-8494-FB9C83C3AE47}]

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EB01EA3F-CF1B-4BE3-8494-FB9C83C3AE47}]

  • Make sure you leave no blank line before "Windows Registry Editor Version 5.00"; there should be one blank line at the end.
  • Click File and choose Save As.
  • Change Save as type: to All Files.
  • Name it Fixreg.reg and save the file to your desktop.
  • It will appear with a .reg file icon.
  • Double-click the file Fixreg.reg on the desktop. When the prompt appears, click Yes.

3. Download DelDomains

Do not double-click DelDomains.inf. Instead, right-click it and click Install.

Apparently nothing happens. That is normal.

4. Restart your PC normally and, in your next reply, generate and paste a new HijackThis log and say whether you still notice anything on your PC.

Regards


The same problems continue. Yoog search is the default search and it still puts itself back in the left search tab.

Regards. The HijackThis log is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:17, on 2008-12-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

c:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Documents and Settings\DESKTOP\Meus documentos\Fabricio\vestibular\PDFX3\PDF-XChange 3 Pro\PDF-XChange PDF Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171423742953

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB51EC3-F2FB-4794-BC3D-02684895A1B9}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{1DB51EC3-F2FB-4794-BC3D-02684895A1B9}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11697 bytes


Hello,

1. Back up the registry.

  • Click Start, then Run, type: regedit and click OK.
  • At the top left, click My Computer (it becomes highlighted in blue).
  • Click File, then Export
  • Choose "Save as"... Registration Files
  • Name it: RegBackup
  • Save it to C:\
  • Exit the Registry Editor.

2. Click Start, then Run, type: Notepad and click OK.

  • Copy (Ctrl+C) and paste (Ctrl+V) the text below (starting with Windows Registry Editor Version 5.00), which is inside the CODE box, into Notepad.
  • Make sure you paste it into a Notepad file and not WordPad, otherwise it will not work.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EB01EA3F-CF1B-4BE3-8494-FB9C83C3AE47}]

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EB01EA3F-CF1B-4BE3-8494-FB9C83C3AE47}]

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[-HKEY_USERS\S-1-5-21-2052111302-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\yoogee.com\www]

  • Make sure there is no blank line before "Windows Registry Editor Version 5.00", and there should be a blank line at the end.
  • Click File and choose Save As.
  • Change Save as type: to All Files.
  • Name it Fixreg.reg and save the file to your desktop.
  • It will have an icon like this: reg.JPG
  • Double-click the Fixreg.reg file on the desktop. When the prompt appears, click Yes.

3. Restart your PC normally and, in your next reply, generate and paste a new HijackThis log and say whether you still notice anything wrong on your PC.

Regards
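A pre-import check for a key-only .reg file like the one in the reply above, as an added example that is not part of the original post: it verifies the header position and final line break the reply asks for, and flags duplicate keys, deletions too close to a hive root, and key names broken by a stray space during copy and paste. The function name `lint_reg`, the `min_depth` threshold and the sample (which uses the placeholder domain `example.invalid`) are assumptions made for this example.

```python
import re
from collections import Counter

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")

def lint_reg(text, min_depth=5):
    """Return (line_number, message) findings for a key-only .reg file."""
    findings, keys, seen = [], [], {}
    lines = text.replace("\r\n", "\n").split("\n")
    if lines[0] != HEADER:
        findings.append((1, "first line is not the version header"))
    if not text.endswith("\n"):
        findings.append((len(lines), "no line break after the last entry"))
    for no, line in enumerate(lines[1:], start=2):
        m = KEY_RE.match(line)
        if not line.strip():
            continue
        if not m:
            findings.append((no, "not a [key] line"))
            continue
        parts = m.group(2).split("\\")
        if m.group(1) and len(parts) < min_depth:
            findings.append((no, "deletion too close to the hive root"))
        first = seen.setdefault(m.group(2).lower(), no)
        if first != no:
            findings.append((no, "duplicate of line %d" % first))
        keys.append((no, parts))
    # A component that equals a more common one once spaces are removed is
    # probably a copy/paste break, e.g. "Inter net Settings".
    counts = Counter(p.lower() for _, parts in keys for p in parts)
    usual = {}
    for comp, n in counts.items():
        sq = comp.replace(" ", "")
        if sq not in usual or n > counts[usual[sq]]:
            usual[sq] = comp
    for no, parts in keys:
        for p in parts:
            if usual[p.lower().replace(" ", "")] != p.lower():
                findings.append((no, "odd spacing in %r" % p))
    return findings

# Constructed sample modelled on the post's file; example.invalid is a placeholder.
ZM = r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.invalid"
SAMPLE = "\n".join([HEADER, "", "[-HKEY_USERS\\.DEFAULT" + ZM + "]",
    "[-HKEY_USERS\\S-1-5-18" + ZM + "]",
    "[-HKEY_USERS\\S-1-5-19" + ZM.replace("Internet", "Inter net") + "]",
    "[-HKEY_USERS\\S-1-5-18" + ZM + "]", "[-HKEY_LOCAL_MACHINE\\SOFTWARE]"])
```

Run `lint_reg` on the text of Fixreg.reg before double-clicking it; an empty list means none of these checks fired.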
