jsereno
Posted September 2, 2008

My machine could not access the internet, even though everything appeared to be set up correctly. I reinstalled Windows XP and it worked fine. But I think this is the work of a virus, and that even after reinstalling Windows it must still be there. Please analyze my logs. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:51, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JOÃO SERENO\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Arquivos de programas\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1229272821-838170752-682003330-1006\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Alfreiza')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: http://bl125w.blu125.mail.live.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5609 bytes

ComboFix 08-09-01.03 - JOÃO SERENO 2008-09-02 19:15:49.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.419 [GMT -3:00]
Executando de: C:\Documents and Settings\JOÃO SERENO\Desktop\ComboFix.exe
* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((( Ficheiros criados de 2008-08-02 to 2008-09-02 ))))))))))))))))))))))))))))))))
.

2008-09-02 16:49 . 2008-09-02 16:50 <DIR> d-------- C:\WINDOWS\LastGood
2008-09-02 16:39 . 2004-08-03 22:32 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-09-02 16:38 . 2001-09-06 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-02 16:37 . 2008-09-02 16:37 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-09-02 16:35 . 2001-09-06 08:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-09-02 16:35 . 2008-09-02 16:35 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-02 16:35 . 2008-09-02 16:35 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-02 16:35 . 2008-09-02 16:35 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-02 16:35 . 2008-09-02 16:35 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-02 16:35 . 2008-09-02 16:35 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-02 16:35 . 2008-09-02 16:35 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-02 16:27 . 2004-08-04 01:31 1,086,058 -ra------ C:\WINDOWS\SETB6.tmp
2008-09-02 16:27 . 2004-08-04 01:40 1,014,492 -ra------ C:\WINDOWS\SETB3.tmp
2008-09-02 11:18 . 2008-09-02 11:18 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-02 11:17 . 2008-09-02 11:19 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-09-02 10:01 . 2008-09-02 12:17 10,325 --a------ C:\WINDOWS\setupapi.old
2008-08-29 11:59 . 2008-08-30 21:11 <DIR> d-------- C:\Arquivos de programas\WorldCast
2008-08-29 02:53 . 2008-08-30 21:11 <DIR> d-------- C:\Arquivos de programas\Cracklock
2008-08-28 16:44 . 2008-08-30 21:11 <DIR> d-------- C:\Arquivos de programas\EmailExOutlook
2008-08-27 13:57 . 2008-08-27 13:57 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-21 20:39 . 2005-01-13 16:28 6,832 --a------ C:\WINDOWS\system32\PulseSoundTouchForVB.tlb
2008-08-21 06:45 . 2008-09-02 11:19 <DIR> d-------- C:\WINDOWS\system32\pt-br
2008-08-14 14:20 . 2003-08-07 13:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-08-14 14:20 . 2006-11-18 11:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-08-14 14:20 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-08-14 14:04 . 2007-04-20 02:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-14 14:04 . 2007-04-20 02:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-08-09 22:58 . 2008-08-11 22:34 2,752 --a------ C:\WINDOWS\system32\settings.aaw
2008-08-09 17:53 . 2008-08-09 17:53 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2008-08-09 17:52 . 2008-08-09 17:53 <DIR> d-------- C:\Arquivos de programas\CCleaner
2008-08-09 17:23 . 2008-09-02 09:59 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-08-04 23:47 . 2008-08-04 23:47 <DIR> d-------- C:\Arquivos de programas\Sun

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 21:40 --------- d-----w C:\Arquivos de programas\Free Easy Burner
2008-09-02 19:50 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-09-02 12:38 --------- d-----w C:\Arquivos de programas\eMule
2008-08-31 00:11 --------- d-----w C:\Arquivos de programas\Carteiro
2008-08-27 19:21 --------- d-----w C:\Documents and Settings\JOÃO SERENO\Dados de aplicativos\Winamp
2008-08-27 18:40 --------- d-----w C:\Arquivos de programas\Winamp
2008-08-27 16:58 --------- d-----w C:\Documents and Settings\Alfreiza\Dados de aplicativos\Winamp
2008-08-11 21:48 --------- d-----w C:\Arquivos de programas\DigitallyMade
2008-08-09 20:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-08-09 18:25 --------- d-----w C:\Arquivos de programas\Java
2008-08-09 18:24 --------- d-----w C:\Arquivos de programas\filehippo.com
2008-07-22 08:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-07-22 08:15 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-07-22 08:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-07-17 16:44 --------- d-----w C:\Arquivos de programas\Orkut Cute
2008-07-17 12:23 --------- d-----w C:\Documents and Settings\JOÃO SERENO\Dados de aplicativos\Media Player Classic
2008-05-11 09:31 204,625 ----a-w C:\Arquivos de programas\neroLite_0.1_ALPHA.rar
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856]
"RegistryMechanic"="C:\Arquivos de programas\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VTTimer"="VTTimer.exe" [2003-08-20 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\ZTE Wireless Terminal

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\zteusbser.sys [2007-04-10 98432]
.
.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\JOÃO SERENO\Dados de aplicativos\Mozilla\Firefox\Profiles\s8j9uhxt.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/
FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 19:17:12
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-09-02 19:18:31
ComboFix-quarantined-files.txt 2008-09-02 22:18:23

Pre-Run: 10 pasta(s) 26,259,165,184 bytes disponíveis
Post-Run: 14 pasta(s) 26,519,019,520 bytes disponíveis

116 --- E O F --- 2008-08-22 00:06:24

DigRam
Posted September 6, 2008

Good morning, jsereno!

O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: http://bl125w.blu125.mail.live.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com

<!> Was it you who set these addresses as preferred?
<!> If not, use DelDomains.
--------------------------
<@> Download: < DelDomains >
<@> Extract DelDomains.inf to the Desktop.
<@> Right-click it and choose Install.
<@> It will look as though nothing happened, because the action is not visible.
--------------------------
<@> Run an online scan at: < Kaspersky >
<!> Go to the site and click: < >
<@> On the next page, click: I Accept
<@> This is so that the ActiveX control is installed and the database is then updated.
<@> On the next page, click: My Computer and run the scan.
<@> Be patient!
<@> Wait for the database update and for the scan itself, which takes a long time.
<@> When it finishes, save and post the report.
<@> Also post an updated HijackThis log.

Regards!

jsereno
Posted September 6, 2008

My dear DigRam, that scan sure takes its time. But it says everything is clean here.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 06, 2008 10:54:44
Records in database: 1197296
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 29889
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:38:18

No malware has been detected. The scan area is clean.

The selected area was scanned.

Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:34, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JOÃO SERENO\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Arquivos de programas\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1229272821-838170752-682003330-1006\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Alfreiza')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5788 bytes

Thanks, friend. Much appreciated.

Jsereno

DigRam
Posted September 6, 2008

Hi, jsereno! Good afternoon!

<!> The logs are clean and there are no infections on the computer!
<!> Everything OK?

Regards!

jsereno
Posted September 6, 2008

Thank you, true competence. I am closing my topic here.

DigRam
Posted September 7, 2008

PROBLEM SOLVED!

If the author needs the topic to be reopened, they must send a Private Message to a Moderator with a link to the topic.