[Arquivado]Problemas na instalação de anti-vírus AVG

[Pevicasi 0]

Por favor, preciso de ajuda!

 

Toda vez que eu tento instalar o AVG aparece o erro asseguir:

 

Máquina local: falha na instalação Instalação: Erro: Falha na ação correspondente a valor de registro HKLM\SOFTWARE\Classes\AvgDiagFile\shell\open\command:: criando valor de registro.... Acesso negado. (5)

 

Log do HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at Petronio 16:25:08, on 8/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotlink.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SAPI.SpRecPlayAudio - {00A94BC0-A165-43E4-8A52-7149886963FF} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [systemTray] SysTray.Exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1501EFDC-4130-4CEC-86D3-E544DDF3EE76}: NameServer = 200.249.253.2,200.249.253.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

Desde já obrigado pela atenção.

[jgarcia 1]

Opa Pevicasi,

 

Baixe o ComboFix em:

ComboFix

 

1) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

 

Abraços.

[Pevicasi 0]

Olá Jgarcia,

 

Eu instalei o ComboFix e ele encontrou 3 arquivos e os deletou.

Eu não encontrei o arquivo ComboFix.txt na unidade C:\ mas encontrei um arquivo com o mesmo nome na pasta C:\ComboFix\ComboFix.txt segue abaixo o log desse arquivo.

 

Log ComboFix:

 

ComboFix 07-10-12.4 - Pedro 2007-10-12 15:34:48.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.212 [GMT -3:00]

Executando de: C:\ComboFix.exe

* Criado um novo ponto de restauro

 

Log HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:45, on 2007-10-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotlink.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SAPI.SpRecPlayAudio - {00A94BC0-A165-43E4-8A52-7149886963FF} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [systemTray] SysTray.Exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1501EFDC-4130-4CEC-86D3-E544DDF3EE76}: NameServer = 200.249.253.2,200.249.253.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

Abraço.

[jgarcia 1]

Opa Pevicasi,

 

Baixe o F-Secure Blacklight em:

F-Secure Blacklight

 

Salve-o em sua área de trabalho (desktop) e o execute. Aceite o acordo. Clique em Scan e aguarde.

 

Se ele encontrar algum arquivo, ignore, pois quero apenas o log.

 

Ao final do scan será gerado o arquivo fsbl-xxxxx.log (onde xxx são números). Preciso que você copie o log e poste em sua próxima resposta.

 

Abraços.

[Pevicasi 0]

Opa jgarcia,Ai está o log do F-Secure Blacklight:10/13/06 20:52:39 [info]: BlackLight Engine 1.0.64 initialized10/13/06 20:52:39 [info]: OS: 5.1 build 2600 (Service Pack 2)10/13/06 20:52:39 [Note]: 7019 410/13/06 20:52:39 [Note]: 7005 010/13/06 20:52:45 [Note]: 7006 010/13/06 20:52:45 [Note]: 7011 162810/13/06 20:52:46 [Note]: 7026 010/13/06 20:52:46 [Note]: 7026 010/13/06 20:53:08 [Note]: FSRAW library version 1.7.102210/13/06 20:53:55 [Note]: 7007 0Abraços.

[jgarcia 1]

Opa Pevicasi,

 

Siga as instruções contidas neste tutorial e retorne com o resultado.

 

Abraços.

[Pevicasi 0]

Olá jgarcia,Fiz tudo como manda o Tutorial mas o problema ainda continua.Relatorio do EliBaglA: Mon Oct 15 15:45:23 2007EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.----------------------------------------------Lista de Acciones (por Acción Directa): Mon Oct 15 15:45:37 2007EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.----------------------------------------------Lista de Acciones (por Exploración):Explorando Unidad C:\ Mon Oct 15 15:49:13 2007EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.----------------------------------------------Lista de Acciones (por Exploración):Explorando Unidad C:\Abraços.

[jgarcia 1]

Opa Pevicasi,

 

Baixe o SilentRunners.

 

Extraia o arquivo SilentRunners.vbs para o C. Dê duplo clique sobre o arquivo para executá-lo.

 

Após executá-lo aguarde até que seja gerado um documento denominado Startup Programs (USUÁRIO) data. Copie o conteúdo deste documento e cole em sua próxima resposta.

 

Abraços.

 

Obs.: Caso o seu AV detecte o arquivo como sendo um script malicioso não se preocupe e autorize a execução.

[Pevicasi 0]

Olá jgarcia,

 

Ai está o log do SilentRunners.vbs:

 

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"SystemTray" = "SysTray.Exe" [MS]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" ["Nero AG"]

"ISUSPM Startup" = ""C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup" ["Macrovision Corporation"]

"SMSERIAL" = "sm56hlpr.exe" ["Motorola Inc."]

"TrayHabil" = "C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe" [empty string]

"PowerBar" = "(empty string)" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"cleanup" = "(empty string)" [file not found]

"PCPerf" = "*b" (unwritable string) [file not found]

"ISUSPM Startup" = ""C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup" ["Macrovision Corporation"]

"SunJavaUpdateSched" = ""C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{6EF05952-B48D-4944-AA91-57A6A1A48EF8}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

{C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"

-> {HKLM...CLSID} = "GbIehObj Class"

\InProcServer32\(Default) = "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll" ["Banco do Brasil"]

{C41A1C0E-EA6C-11D4-B1B8-444553540003}\(Default) = "G-Buster Browser Defense CEF"

-> {HKLM...CLSID} = "GbIehObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" ["Caixa Economica Federal"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"

-> {HKLM...CLSID} = "Menu Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"

-> {HKLM...CLSID} = "Tracking Shell Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"

-> {HKLM...CLSID} = "Menu Site"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"

-> {HKLM...CLSID} = "Menu Desk Bar"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"

-> {HKLM...CLSID} = "IShellFolderBand"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "Lin&ks"

-> {HKLM...CLSID} = "Lin&ks"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Thumbnail Image"

-> {HKLM...CLSID} = "Thumbnail Image"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll" ["Banco do Brasil"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" ["Caixa Economica Federal"]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"

-> {HKLM...CLSID} = "ACDWFTHMBPRXY"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]

"{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}" = "VPCHostCopyHook"

-> {HKLM...CLSID} = "VPCHostCopyHook"

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Virtual PC\VPCShExH.DLL" [MS]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Dispositivos Plug and Play universais"

-> {HKLM...CLSID} = "Dispositivos Plug and Play universais"

\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll" ["Banco do Brasil"]

<<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399003}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" ["Caixa Economica Federal"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"

-> {HKLM...CLSID} = "DWFShellExt Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Autodesk shared\dwf common\DWFShellExtension.dll" ["Autodesk, Inc."]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Arquivos de programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStrCmpLogical" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSMHelp" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Help menu from Start Menu}

 

"NoFavoritesMenu" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Favorites menu from Start Menu}

 

"NoLogOff" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|Logon/Logoff|

Disable Logoff}

 

"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoResolveTrack" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

"NoInstrumentation" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStartBanner" = (REG_BINARY) hex:01 00 00 00

{Remove "Click here to begin" from Start button}

 

"ClassicShell" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Enable Classic Shell / Turn on Classic Shell}

 

"NoFileUrl" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSimpleStartMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStartMenuMFUprogramsList" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStartMenuMorePrograms" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove All Programs list from the Start menu}

 

"NoDFSTab" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSecurityTab" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Security tab}

 

"NoHardwareTab" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoResolveSearch" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSharedDocuments" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Shared Documents from My Computer}

 

"NoTrayContextMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"LockTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoTrayItemsDisplay" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Hide the notification area}

 

"NoToolbarsOnTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoChangeAnimation" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStrCmpLogical" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoChangeKeyboardNavigationIndicators" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSharedDocuments" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoTrayContextMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"LockTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoTrayItemsDisplay" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoUserNameInStartMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSetTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStartMenuEjectPC" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"ForceStartMenuLogoff" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStartMenuNetworkPlaces" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoNetworkConnections" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"DisablePersonalDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"DisableMyPicturesDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"DisableMyMusicDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"DisableFavoritesDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSMMyDocs" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoWindowsUpdate" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"GreyMSIAds" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoStartMenuPinnedList" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoPropertiesRecycleBin" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoResolveSearch" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"NoSecCPL" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoConfigPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoVirtMemPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoDevMgrPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"DisableLockWorkstation" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoCommonGroups" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

 

"NoUpdateCheck" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\

 

"Disable Advanced" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"Allow Browse" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0\

 

"DragAndDrop" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"RunStartupScriptSync" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Alegria.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Alegria.bmp"

 

 

Enabled Scheduled Tasks:

------------------------

 

"Aplicativo de ajuste" -> launches: "walign" [file not found]

"User_Feed_Synchronization-{D61CAA54-1BA8-4D9B-BEA4-EBF164338E54}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Pesquisar"

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"]

Gbp Service, GbpSv, "C:\Arquivos de programas\GbPlugin\GbpSv.exe" [empty string]

Machine Debug Manager, MDM, ""C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

RaySat_3dsmax8 Server, mi-raysat_3dsmax8, ""C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"" [null data]

Serviço auxiliar IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}

StarWind iSCSI Service, StarWindService, "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

---------- (launch time: 2007-10-17 08:32:39)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 94 seconds, including 18 seconds for message boxes)

 

Abraços.

[jgarcia 1]

Opa Pevicasi,

 

Execute o Active Scan da Panda, observando os seguintes procedimentos:

 

1) Alguns anti-vírus, tal como o AVAST, podem exibir um alerta de detecção durante a execução do scan, porém tal alerta deve ser ignorado. O aviso não passa de um falso-positivo. Sugiro que o AV seja desabilitado, temporariamente, a fim de que o scan ocorra sem problemas;

 

2) Para iniciar o processo, clique sobre o botão ;

 

3) Informe os dados solicitados no formulário;

 

4) Clique sobre o botão "Pesquise agora sem custos";

 

5) Siga todas as instruções que lhe serão passadas e aguarde o fim da varredura;

 

6) Ao término do scan, clique em visualizar o log. Salve-o em seu Desktop;

 

7) Poste o conteúdo do log em sua próxima resposta.

 

Abraços.

[Pevicasi 0]

Opa jgarcia,Abaixo o log do Active Scan da Panda:Incidência Estado Localização Security Risk:HackTool/Gendel.A Não desinfectado C:\WINDOWS\GENDEL32.EXE Spyware:Cookie/Com.com Não desinfectado C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zr9tqi4w.default\COOKIES.TXT[.uol.com.br/] Spyware:Cookie/Com.com Não desinfectado C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zr9tqi4w.default\COOKIES.TXT[.ig.com.br/] Spyware:Cookie/HotLog Não desinfectado C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zr9tqi4w.default\COOKIES.TXT[.hotlog.ru/] Spyware:Cookie/Yadro Não desinfectado C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zr9tqi4w.default\COOKIES.TXT[.yadro.ru/] Spyware:Cookie/Com.com Não desinfectado C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zr9tqi4w.default\COOKIES.TXT[.terra.com.br/] Hacktool:Exploit/ByteVerify Não desinfectado C:\WINDOWS\Application Data\Sun\Java\Deployment\CACHE\6.0\56\3929cbb8-3303394c[blackBox.class] Hacktool:Exploit/ByteVerify Não desinfectado C:\WINDOWS\Application Data\Sun\Java\Deployment\CACHE\6.0\56\3929cbb8-3303394c[VerifierBug.class] Hacktool:Exploit/ByteVerify Não desinfectado C:\WINDOWS\Application Data\Sun\Java\Deployment\CACHE\6.0\56\3929cbb8-3303394c[Dummy.class] Hacktool:Exploit/ByteVerify Não desinfectado C:\WINDOWS\Application Data\Sun\Java\Deployment\CACHE\6.0\56\3929cbb8-3303394c[beyond.class] Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\WINDOWS\NirCmd.exe Ferramenta potencialmente indesejada:Application/PassRock Não desinfectado C:\Documents and Settings\Pedro\Meus documentos\Downloads\Serial OURO XP SP2\Kit.de.Ouro Keyfinder.rar[Keyfinder.exe] Ferramenta potencialmente indesejada:Application/PassRock Não desinfectado C:\Documents and Settings\Pedro\Meus documentos\Downloads\Serial OURO XP SP2\Kit.de.Ouro Keyfinder.rar[Keyfinder.exe][findkey.exe] Spyware:Cookie/Cgi-bin Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@www1.addfreestats[1].txt Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@2o7[1].txt Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@ig.com[1].txt Spyware:Cookie/Cassava Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@int.sitestat[2].txt Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@terra.com[2].txt Spyware:Cookie/Xiti Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@xiti[1].txt Spyware:Cookie/GoStats Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@gostats[1].txt Spyware:Cookie/bravenetA Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@bravenet[2].txt Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@overture[1].txt Spyware:Cookie/myaffiliateprogram Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@www.myaffiliateprogram[1].txt Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@searchportal.information[1].txt Spyware:Cookie/Azjmp Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@azjmp[1].txt Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@uol.com[2].txt Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\Pedro\Cookies\pedro@ads.pointroll[2].txt Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\ComboFix.exe[nircmd.exe] Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\ComboFix.exe[nircmd.cfexe] Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\ComboFix\nircmd.cfexe Abraços.

[JimmyNewtron 0]

iai cara...pow..na minha opiniao acho q seria melhor você tentar instalar o avast ...eu acho melhor o avast....bom eh issoabraço

[jgarcia 1]

Opa Pevicasi,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o CCleaner em:

CCleaner

 

Baixe, mas não execute ainda.

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\WINDOWS\GENDEL32.EXE

C:\WINDOWS\Application Data\Sun\Java\Deployment\CACHE\6.0\56\3929cbb8-3303394c

C:\Documents and Settings\Pedro\Meus documentos\Downloads\Serial OURO XP SP2\Kit.de.Ouro Keyfinder.rar

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

2ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da seguintes pastas:

 

C:\!Killbox

C:\QooBox\Quarantine

 

Execute o CCleaner e clique em Executar Limpeza.

 

Execute o Active Scan novamente e veja se ainda detecta algo.

 

Aguardo retorno.

 

Um abraço.

[Sam Spade 2]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.