Archived

This topic has been archived and is closed to further replies.

Flavia Elaine

[Solved!] Virus via e-mail

Good afternoon,

 

I think my PC has a virus. It forwards a Christmas card by e-mail without me wanting to....

 

Here is the log...

 

C:\WINDOWS\system32\oobe\msobe.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RelevantKnowledge] C:\Arquivos de programas\RelevantKnowledge\rlvknlg.exe -boot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://chinchila.dyndns.org/ocx/IMMP4Control.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: RelevantKnowledge - C:\Arquivos de programas\RelevantKnowledge\rlls.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 10227 bytes

 

 

 

Thank you for helping me remove the virus!


Your log is incomplete. In your next reply, please post it in full.

 

Step 1

 

Go to Control Panel > Add or Remove Programs. Find the item below in the list and uninstall it:

 

RelevantKnowledge.

 

Step 2

 

- Download BankerFix and save it to the desktop;

 

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click bankerfix.exe;

● A message will appear saying that it will be downloaded over the internet;

● Click OK > OK. Press Enter and wait for the scan to finish;

● When the scan finishes, read the message on the screen and press Enter again.

● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

 

Paste this log in your next reply together with a new (complete) HijackThis log.

 

Delete the C:\LinhaDefensiva folder after pasting your log here.


Sorry for not pasting the complete log... now I will do it the right way... thank you for the guidance...

 

BankerFix 3.0 VALKYRIE - Banker Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2008-12-14 - 02:07

-------------------------------------------------------

Definition list: 2008-12-14-1 | CORE: 2008-12-14-1

=======================================================

 

Infected file detected: C:\WINDOWS\GBuster

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\system32\oobe\dialmgr

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\system32\oobe\msobcommw.dll

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\system32\oobe\msobweb2.dll

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\system32\oobe\oobeinfo.exe

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\system32\oobe\spoolsv.exe

Infected file removed successfully!

 

 

 

----- End -------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:12:54, on 14/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\VM305_STI.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.0.6:3128

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://chinchila.dyndns.org/ocx/IMMP4Control.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 9282 bytes


Delete the C:\LinhaDefensiva folder (if you have not deleted it yet).

 

Step 1

 

Open HijackThis and click Do a system scan only. Check the entries below in the log and click the Fix Checked button.

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Close HijackThis.

 

 

Step 2

 

 

- Download Malwarebytes Anti-Malware and save it to the desktop;

 

● Double-click the program to start the installation. Select the language Português (Brasil);

● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;

● After the installation, run the program;

● Select the Perform full scan option and then click Scan. Select your C: drive and click the Start Scan button;

● When the scan finishes, click OK and the log will be opened automatically for you;

● If anything is detected, make sure all items are checked and click the Remove Selected button.

NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;

● The log can also be viewed by clicking Logs in the main menu;

 

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.

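The helper above picks out the two orphaned O2 entries by eye, and the BankerFix log earlier in the thread shows the other pattern these tools hunt for: a file named after a core Windows process (spoolsv.exe) dropped into a directory where the real one never lives (system32\oobe). The script below is an added example for this thread, not code from the forum, from HijackThis or from Linha Defensiva; it applies those same checks to HijackThis-format lines. The sample log is constructed from lines posted in this thread, and the set of system binaries and their legitimate directories is an assumption made for the example.

```python
"""Triage of HijackThis-format log lines.

Added example for this thread; not code from the forum, from HijackThis or
from Linha Defensiva. SAMPLE_LOG is constructed from lines posted above, and
SYSTEM_BINARIES / LEGIT_SYSTEM_DIRS are assumptions made for the example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = act on it, "review" = verify the publisher before fixing
    reason: str
    line: str


# Core Windows process names that malware likes to borrow. On a stock Windows XP
# install the real copies live directly in %SystemRoot% or %SystemRoot%\system32
# (assumption for this example).
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}
LEGIT_SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# First Windows path ending in .exe/.dll in a line (lazy, so it stops at the binary
# rather than at trailing arguments or a "(file missing)" annotation).
PATH_RE = re.compile(r"[a-z]:\\[^\"\r\n]*?\.(?:exe|dll)", re.IGNORECASE)
# HijackThis section prefix: "O2 - ", "O20 - ", "R1 - " ...
ENTRY_RE = re.compile(r"^(O\d+|R\d) - ")


def extract_path(text):
    """Return the first executable/DLL path in a log line, or None."""
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def split_path(path):
    """Lower-cased (directory, filename) pair for a Windows path."""
    d, _, base = path.lower().rstrip("\\").rpartition("\\")
    return d, base


def masquerades_as_system_binary(path):
    """True when a file borrows a core Windows process name but sits in a
    directory where that binary is never installed."""
    d, base = split_path(path)
    return base in SYSTEM_BINARIES and d not in LEGIT_SYSTEM_DIRS


def triage_line(line):
    """Apply the per-line checks; one line can raise more than one finding."""
    line = line.strip()
    findings = []
    if not line:
        return findings
    m = ENTRY_RE.match(line)
    section = m.group(1) if m else None
    path = extract_path(line)

    # Registration whose target file is gone: dead CLSID / Notify entries.
    if "(no file)" in line or "(file missing)" in line:
        findings.append(Finding("review", "orphaned entry, target file no longer exists", line))
    # Winlogon Notify DLLs load into winlogon.exe at every logon; anything
    # outside system32 deserves a look at the publisher.
    if section == "O20" and path is not None:
        if split_path(path)[0] != r"c:\windows\system32":
            findings.append(Finding("review", "Winlogon Notify DLL outside system32", line))
    # A Layered Service Provider sits in the network path of every socket application.
    if section == "O10":
        findings.append(Finding("review", "Winsock LSP not on HijackThis's known list", line))
    # Applies to O4 autoruns, O23 services and bare "Running processes" lines alike.
    if path is not None and masquerades_as_system_binary(path):
        findings.append(Finding("high", "system-process name in a non-system directory", line))
    return findings


def triage(log_text):
    """Run triage_line over every line of a pasted log."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample, assembled from lines that appear in this thread's logs.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\oobe\spoolsv.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Arquivos de programas\RelevantKnowledge\rlls.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

On the sample the only "high" finding is the spoolsv.exe copy under system32\oobe; everything else is "review", and that label is deliberate: the same O20 rule flags the bank's GbPlugin DLL and the RelevantKnowledge DLL alike, and only the publisher check tells them apart, which is exactly why the helper in this thread uninstalls RelevantKnowledge and leaves GbPlugin in place.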

I hope I followed the instructions correctly. Thank you so far!

 

-------------------

Malwarebytes' Anti-Malware 1.31

Database version: 1508

Windows 5.1.2600 Service Pack 3

 

16/12/2008 21:21:30

mbam-log-2008-12-16 (21-21-30).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 131611

Time elapsed: 34 minute(s), 15 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\svchosts (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Arquivos de programas\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

C:\Arquivos de programas\RelevantKnowledge\components (Spyware.Marketscore) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Arquivos de programas\GbPlugin\gbiehCef.dll (Trojan.BHO) -> Delete on reboot.

 

 

-----------------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:25:56, on 16/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\VM305_STI.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.0.6:3128

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://chinchila.dyndns.org/ocx/IMMP4Control.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 8921 bytes


- Download ComboFix and save it to the desktop;

 

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix runs its scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click in the ComboFix window, and try not to use the keyboard either, so as not to disturb the tool's scan;

● If you want to quit or stop ComboFix, press N;

● When it finishes, your machine will be restarted. After the restart the tool will run again; wait;

● A log will be generated at C:\ComboFix.txt.

 

Paste this log in your next reply.


Hi... It seems that this time I could not do the procedure correctly... ComboFix restarted the computer every time I tried to run it... even in Safe Mode.... and the log seems incomplete. Since I am a layperson on this subject, what happened may even be normal and it is just me finding it strange.... but here is the log...

--------------

ComboFix 08-12-18.01 - Administrador 2008-12-18 21:18:54.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2038.1783 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

.

--------------------


ComboFix really did not run correctly.

Before we continue, I suggest you install an antivirus on your computer, since no antivirus appears in your log.

- Download OTViewIt and save it to your desktop;

● Double-click the OTViewIt icon on your desktop;

● Check the Scan All Users box;

● Click the Run Scan button and wait;

● Two reports will be generated. Copy and paste them in your next reply:

- OTViewIt.txt <- This one will be opened automatically

- Extra.txt <- This one will be minimized

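The reports that OTViewIt produces are read by hand in this thread. As an added example (it is not part of the original post, nor of OTViewIt or any other tool mentioned here), the Python script below does a first triage pass over lines in the OTViewIt report format: it splits the report into its "==========" sections, flags autostart entries and services whose file is missing, flags executable entries with an empty publisher field, checks the O16 (DPF) download URLs against an allowlist of hosts and a list of dynamic-DNS providers, and flags AutoRun commands attached to removable drives in MountPoints2. The section names, the trusted-host and dynamic-DNS lists, and the sample report are all assumptions made for the example; the sample is constructed to mimic the report format, not copied from the real log.

```python
"""Triage heuristics for OTViewIt / OTL-style report lines (added example)."""
import re
from urllib.parse import urlsplit

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Empty "(Publisher)" field: "() -- path" in the middle, or a trailing "()" on a Run-key line.
EMPTY_PUBLISHER_RE = re.compile(r"\(\)(?: --|$)")
DPF_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}: (?P<url>\S+) -- (?P<name>.*)$")

# Assumption: OTViewIt section titles whose entries point at code that gets executed.
EXECUTABLE_SECTIONS = ("Processes", "(O23)", "Driver Services", "(O2)", "(O3)", "(O4)", "(O20)")
# Assumption: hosts a reviewer would usually accept for ActiveX CAB downloads.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "msn.com", "hotmail.com", "java.sun.com",
                        "macromedia.com", "divx.com", "caixa.gov.br")
# Assumption: dynamic-DNS providers; ActiveX code served from there deserves a closer look.
DYNDNS_SUFFIXES = ("dyndns.org", "no-ip.org", "no-ip.com")


def host_matches(host, suffixes):
    """True when host equals one of the suffixes or is a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def split_sections(report):
    """Map each '========== title ==========' header to the non-blank lines under it."""
    sections, current = {}, "(header)"
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(report):
    """Return (section, reason, line) triples for entries a reviewer should look at first."""
    findings = []
    for section, lines in split_sections(report).items():
        executable = section.startswith(EXECUTABLE_SECTIONS)
        for line in lines:
            if "File not found" in line:
                # Orphaned autostart/service: the file was removed or is being hidden.
                findings.append((section, "file missing", line))
                continue
            if executable and EMPTY_PUBLISHER_RE.search(line):
                findings.append((section, "no publisher", line))
            if section.startswith("(O16)"):
                dpf = DPF_RE.match(line)
                if dpf:
                    host = urlsplit(dpf.group("url")).hostname or ""
                    if host_matches(host, DYNDNS_SUFFIXES):
                        findings.append((section, "dynamic-DNS host", line))
                    elif not host_matches(host, TRUSTED_DPF_SUFFIXES):
                        findings.append((section, "untrusted host", line))
            if section.startswith("MountPoints2") and line.startswith('""='):
                # Default AutoRun command attached to a removable drive.
                findings.append((section, "drive autorun command", line))
    return findings


# Constructed sample modelled on the OTViewIt report format (not the real log from this thread).
SAMPLE_REPORT = r"""
========== (O23) Win32 Services ==========
File not found -- -- (GbpSv [unknown | Running])
[2005-06-10 18:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
========== (O4) Run Keys ==========
"snpstd"=C:\WINDOWS\vsnpstd.exe ()
"CoolSMS"= File not found
========== (O16) DPF ==========
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-6u7-windows-i586.cab -- Java Plug-in 1.6.0_07
{E62D1A95-8299-4B94-85D0-731DC125A60D}: http://chinchila.dyndns.org/ocx/IMMP4Control.cab -- IMMP4Control Control
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86c9b0f6-5d64-11dc-b493-ede68664be20}\Shell\AutoRun\command]
""=mp3.exe
"""

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_REPORT):
        print(f"[{reason}] {section}: {line}")
```

The flags are prompts for a human reviewer, not verdicts: a missing file can be an uninstall leftover as easily as a hidden component, and an unlisted download host only means the allowlist has not seen it. Run it as `python triage_otviewit.py` with the report text read from OTViewIt.txt in place of the sample.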

Hi...

I ran OTViewIt first; here are the logs...

 

OTViewIt logfile created on: 2008-12-20 10:47:01 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.98% Memory free

3.84 Gb Paging File | 3.52 Gb Available in Paging File | 91.52% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 39.06 Gb Total Space | 23.01 Gb Free Space | 58.90% Space Free | Partition Type: NTFS

Drive D: | 109.98 Gb Total Space | 70.93 Gb Free Space | 64.49% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FLAVIA

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2005-06-10 18:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[2008-07-23 16:15:24 | 00,046,656 | ---- | M] () -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

[2006-08-14 15:41:28 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe

[2006-08-14 15:38:08 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe

[2007-02-02 01:42:16 | 16,050,688 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

[2005-08-05 16:15:04 | 00,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.exe

[2005-06-10 12:20:06 | 01,397,760 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCD.exe

[2004-05-10 18:37:16 | 00,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe

[2007-08-24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[2008-06-10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[2008-08-30 19:27:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[2008-06-10 05:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

[2008-12-18 09:10:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

[2008-12-10 01:12:02 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

[2008-12-10 01:12:02 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

[2007-10-18 12:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[2007-10-18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

[2008-12-20 10:46:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

File not found -- -- (GbpSv [unknown | Running])

[2007-09-10 23:57:24 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005-06-10 18:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2007-08-24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2007-10-18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-03 00:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2007-02-02 01:42:10 | 01,155,584 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

[2008-04-17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2007-02-02 01:42:24 | 00,137,728 | R--- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006-08-14 17:00:24 | 01,109,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])

[2005-06-10 18:12:12 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2005-06-10 18:11:50 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [system | Running])

[2005-06-10 12:11:44 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [system | Running])

[2007-02-02 01:42:16 | 04,374,016 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2007-02-02 01:42:26 | 01,706,752 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])

[2008-04-13 16:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])

[2001-10-28 12:07:14 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])

[2001-10-28 12:07:14 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])

[2003-12-05 07:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])

[2001-10-28 12:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-02-02 01:42:12 | 00,081,920 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Stopped])

[2008-04-13 16:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2007-11-13 08:25:56 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2008-04-13 16:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])

[2008-04-13 16:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])

[2004-05-28 19:04:14 | 00,303,104 | ---- | M] () -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd [On_Demand | Stopped])

[2001-08-17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

[2007-02-02 01:42:11 | 00,162,560 | R--- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

[2004-05-03 11:47:12 | 00,020,092 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus [On_Demand | Stopped])

[2004-05-03 11:47:48 | 00,039,136 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgUsbDiag.sys -- (UsbDiag [On_Demand | Stopped])

[2004-05-03 11:48:30 | 00,041,664 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])

[2006-08-02 19:20:42 | 01,466,624 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305 [On_Demand | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=&http://home.microsoft.com/intl/br/access/allinone.asp

"Start Page"=http://www.google.com.br/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=&http://home.microsoft.com/intl/br/access/allinone.asp

"Start Page"=http://www.google.com.br/

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

{C41A1C0E-EA6C-11D4-B1B8-444553540000} (HKLM) -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

"BigDog305"=C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) (Vimicro)

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe (Nero AG)

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found

"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)

"snpstd"=C:\WINDOWS\vsnpstd.exe ()

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoolSMS"= File not found

"Google Update"="C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

"PowerBar"= File not found

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoolSMS"= File not found

"Google Update"="C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

"PowerBar"= File not found

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

========== (O4) Startup Folders ==========

 

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableRegistryTools"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableRegistryTools"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

Add to AMV Convert Tool...: C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html [2006-02-16 10:37:38 | 00,000,890 | ---- | M] ()

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

MediaManager tool grab multimedia file: C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html [2006-02-15 09:30:44 | 00,000,890 | ---- | M] ()

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\MenuExt\]

Add to AMV Convert Tool...: C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html [2006-02-16 10:37:38 | 00,000,890 | ---- | M] ()

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

MediaManager tool grab multimedia file: C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html [2006-02-15 09:30:44 | 00,000,890 | ---- | M] ()

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Enviar para o OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: &Enviar para o OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 15:08:02 | 01,377,576 | ---- | M] (Skype Technologies S.A.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 16:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object

{83AFB5CA-ED35-11D4-A452-0080C8D85045}: http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab -- GameDesire Poker Games

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab -- PhotoPickConvert Class

{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}: http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab -- BatchDownloader Class

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}: https://imagem.caixa.gov.br/cab/gbpdist.cab -- GbpDistObj Class

{E62D1A95-8299-4B94-85D0-731DC125A60D}: http://chinchila.dyndns.org/ocx/IMMP4Control.cab -- IMMP4Control Control

{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}: https://secure.gopetslive.com/dev/GoPetsWeb.cab -- GoPetsWeb Control

 

========== (O17) DNS Name Servers ==========

 

{0F8781AD-216F-47B1-BF64-8CA426C2213E} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

{2805DC03-DDDC-4C5D-817A-FD45DBA3B7EE} (Servers: | Description: Adaptador de rede 1394)

{40334DF5-0895-4DD8-B765-4360622BB2DE} (Servers: | Description: )

{877FA2CA-F4B3-4C1D-81DB-408D66D4B339} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginBb: "DllName" = C:\ARQUIV~1\GbPlugin\gbieh.dll -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

GbPluginCef: "DllName" = C:\Arquivos de programas\GbPlugin\gbiehCef.dll -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll File not found

igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2007-09-07 15:03:50 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86c9b0f6-5d64-11dc-b493-ede68664be20}\Shell\AutoRun\command]

""=mp3.exe

 

========== Files/Folders - Created Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

[2008-12-20 10:46:07 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe

[2008-12-18 23:32:56 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31728.exe

[2008-12-18 23:32:56 | 00,000,000 | ---D | C] -- C:\ComboFix

[2008-12-18 21:18:07 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5306.exe

[2008-12-18 21:12:25 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4196.exe

[2008-12-18 21:09:57 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2008-12-18 21:09:55 | 00,261,856 | ---- | C] () -- C:\cmldr

[2008-12-18 21:09:52 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2008-12-18 21:06:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2008-12-18 21:06:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2008-12-18 21:06:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2008-12-18 21:06:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008-12-18 21:06:23 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2008-12-18 21:06:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008-12-18 21:06:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008-12-18 21:06:23 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008-12-18 21:06:23 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2008-12-18 21:06:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2008-12-18 21:06:20 | 00,000,000 | ---D | C] -- C:\Qoobox

[2008-12-18 21:06:19 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3004.exe

[2008-12-18 21:04:47 | 02,885,135 | R--- | C] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2008-12-16 20:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

[2008-12-16 20:42:36 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-12-16 20:42:36 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-16 20:42:34 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-16 20:42:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2008-12-16 20:42:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2008-12-16 20:37:55 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup.exe

[2008-12-14 12:56:21 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrador\Desktop\~$rterinha.doc

[2008-12-14 02:12:48 | 00,001,840 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\HijackThis.lnk

[2008-12-14 02:01:07 | 00,178,591 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Administrador\Desktop\bankerfix.exe

[2008-12-10 18:40:28 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-07 11:19:03 | 00,007,071 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\N360BUOptions.ini

[2008-12-02 09:29:27 | 00,000,001 | -HS- | C] () -- C:\MSDOS.INF

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[1 C:\Documents and Settings\Administrador\Desktop\*.tmp files]

[2008-12-20 10:46:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe

[2008-12-20 10:45:19 | 00,000,649 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008-12-20 10:12:00 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-20 10:11:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-20 10:11:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-18 23:32:52 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31728.exe

[2008-12-18 21:18:01 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5306.exe

[2008-12-18 21:12:21 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4196.exe

[2008-12-18 21:09:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2008-12-18 21:06:16 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3004.exe

[2008-12-18 21:06:03 | 02,885,135 | R--- | M] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2008-12-18 18:35:30 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008-12-17 09:58:20 | 00,057,856 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-16 21:25:51 | 00,001,840 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\HijackThis.lnk

[2008-12-16 20:42:36 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-16 20:42:08 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup.exe

[2008-12-14 15:44:01 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\carterinha.doc

[2008-12-14 12:56:21 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrador\Desktop\~$rterinha.doc

[2008-12-14 02:01:09 | 00,178,591 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Administrador\Desktop\bankerfix.exe

[2008-12-13 04:37:59 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 04:37:59 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-10 18:42:25 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-10 18:40:28 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-08 19:24:29 | 04,240,132 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db

[2008-12-07 11:19:03 | 00,007,071 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\N360BUOptions.ini

[2008-12-03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-12-02 19:26:30 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-02 09:29:27 | 00,000,001 | -HS- | M] () -- C:\MSDOS.INF

[2008-11-29 02:57:45 | 00,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI

< End of report >

--------------

OTViewIt Extras logfile created on: 2008-12-20 10:47:01 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.98% Memory free

3.84 Gb Paging File | 3.52 Gb Available in Paging File | 91.52% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 39.06 Gb Total Space | 23.01 Gb Free Space | 58.90% Space Free | Partition Type: NTFS

Drive D: | 109.98 Gb Total Space | 70.93 Gb Free Space | 64.49% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FLAVIA

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 00:21:17 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 16:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 12:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 00:21:17 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-05-21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008-05-21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2008-09-18 16:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire

File not found -- C:\Arquivos de programas\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II

File not found -- C:\Arquivos de programas\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations

File not found -- C:\Arquivos de programas\Counter-Strike Source\hl2.exe:*:Enabled:hl2

[2008-04-14 00:21:00 | 00,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz

[2008-04-14 00:21:17 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC

[2007-12-07 15:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype

[2005-05-06 22:47:08 | 02,224,128 | ---- | M] (www.BitLord.com) -- C:\Arquivos de programas\BitLord\BitLord.exe:*:Enabled:BitLord

File not found -- C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

File not found -- C:\Arquivos de programas\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

File not found -- c:\WINDOWS\Temp\~os2.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- C:\WINDOWS\Temp\~os6.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

[2008-04-13 16:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 12:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

File not found -- C:\WINDOWS\Temp\~os8.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- c:\WINDOWS\Temp\~os5.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- C:\WINDOWS\Temp\~osE.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- C:\Arquivos de programas\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-24 08:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2006-10-26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-12-07 15:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [iEProtocolHandler Class])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher

"{22B37FDE-A8DC-4F81-80F5-71809A6B9E64}"=ADPHONE3Upgrade

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3A417047-2E30-4D05-8977-F706D40BFF39}"=Windows Live installer

"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX

"{57383270-6F61-4DC8-A9B8-C1745FC29F38}"=USB PC Camera (SN9C102)

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{7784A172-61F1-445E-8368-601607E0DD22}"=MP3 Player Utilities 4.00

"{7FC2AF73-10ED-404E-84A8-636B452404FD}"=Realtek RTL8139 Diagnostics Program

"{862CFE72-7135-4491-94BB-28D0B7FFAA63}"=LG SyncAgent

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight

"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}"=Windows Live Messenger

"{90120000-0010-0416-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}"=Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0416-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0416-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0416-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0416-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0416-0000-0000000FF1CE}"=Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0416-0000-0000000FF1CE}"=Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0416-0000-0000000FF1CE}"=Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0416-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0416-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0416-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00B2-0416-0000-0000000FF1CE}"=Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007

"{90120000-00BA-0416-0000-0000000FF1CE}"=Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{AC76BA86-7AD7-1046-7B44-A81200000003}"=Adobe Reader 8.1.2 - Português

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistente de Conexão do Windows Live

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution

"{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1"=CoolSMS 2.06 beta

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs

"{CD89BDD5-E758-42D5-B34B-C149F88CE515}"=Look 316

"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader

"{DBB7664B-6BAD-43F9-95E8-3D3E4E3FE9C4}"=ADPHONE3

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}"=The Simpsons Hit & Run

"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1"=BitPim 1.0.1

"219b3bb94d71729d119ee9ce52d76000"=Receitanet Java 2008.01a

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player Plugin

"Adobe Shockwave Player"=Adobe Shockwave Player

"BitLord"=BitLord 1.1

"DVD Shrink_is1"=DVD Shrink 3.2

"ENTERPRISE"=Microsoft Office Enterprise 2007

"EVEREST Home Edition_is1"=EVEREST Home Edition v1.51

"GTK 2.0"=Ambiente de tempo de execução do GTK+ 2.12.8 rev a (apenas remover)

"HDMI"=Intel® Graphics Media Accelerator Driver

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InCD!UninstallKey"=InCD

"IRPF2008 - Declaração de Ajuste Anual"=IRPF2008 - Declaração de Ajuste Anual

"LimeWire"=LimeWire 4.18.8

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"MegauploadToolbar"=Megaupload Toolbar

"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey"=Nero OEM

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Pidgin"=Pidgin

"RealAlt_is1"=Real Alternative 1.60

"StarUML_is1"=StarUML 5.0.2.1570

"temasxp versão 1515 v1.0"=temasxp versão 15

"TOSHIBA Software Modem"=TOSHIBA Software Modem

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinRAR archiver"=Arquivo do WinRAR

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"WMV9_VCM"=Microsoft Windows Media Video 9 VCM

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"XP Codec Pack"=XP Codec Pack

"Zylom Games Player Plugin"=Zylom Games Player Plugin

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome"=Google Chrome

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome"=Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-11-23 16:53:07 | Computer Name = FLAVIA | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16735, módulo com

falha unknown, versão 0.0.0.0, endereço com falha 0x70706f68.

 

Error - 2008-11-23 19:02:47 | Computer Name = FLAVIA | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16735, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 2008-11-23 19:02:52 | Computer Name = FLAVIA | Source = Application Hang | ID = 1001

Description = Falha no compartimento de memória 939517030.

 

Error - 2008-11-23 19:13:12 | Computer Name = FLAVIA | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16735, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 2008-12-02 08:02:17 | Computer Name = FLAVIA | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16735, módulo com

falha mshtml.dll, versão 7.0.6000.16735, endereço com falha 0x000bdac1.

 

Error - 2008-12-05 23:00:39 | Computer Name = FLAVIA | Source = ESENT | ID = 485

Description = msnmsgr (2056) Falha na tentativa de excluir o arquivo "\\.\C:\Documents

and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\flaviaelaine@gmail.com\SharingMetadata\Working\database_5E6C_6070_6C60_44BD\tmp.stm",

com erro de sistema 123 (0x0000007b): "A sintaxe do nome do arquivo, pasta ou nome

do volume está incorreta. ". A operação de exclusão do arquivo falhará com o erro

-1022 (0xfffffc02).

 

Error - 2008-12-08 22:33:43 | Computer Name = FLAVIA | Source = ESENT | ID = 485

Description = msnmsgr (1932) Falha na tentativa de excluir o arquivo "\\.\C:\Documents

and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\flaviaelaine@gmail.com\SharingMetadata\Working\database_5E6C_6070_6C60_44BD\tmp.stm",

com erro de sistema 123 (0x0000007b): "A sintaxe do nome do arquivo, pasta ou nome

do volume está incorreta. ". A operação de exclusão do arquivo falhará com o erro

-1022 (0xfffffc02).

 

Error - 2008-12-09 16:12:51 | Computer Name = FLAVIA | Source = ESENT | ID = 485

Description = msnmsgr (2952) Falha na tentativa de excluir o arquivo "\\.\C:\Documents

and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\fcrombi@hotmail.com\SharingMetadata\Working\database_5E6C_6070_6C60_44BD\tmp.stm",

com erro de sistema 123 (0x0000007b): "A sintaxe do nome do arquivo, pasta ou nome

do volume está incorreta. ". A operação de exclusão do arquivo falhará com o erro

-1022 (0xfffffc02).

 

Error - 2008-12-15 18:55:17 | Computer Name = FLAVIA | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16762, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 2008-12-18 16:34:45 | Computer Name = FLAVIA | Source = Google Update | ID = 20

Description =

 

[ OSession Events ]

Error - 2007-09-19 23:12:35 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2007-10-25 18:52:40 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2027

seconds with 1260 seconds of active time. This session ended with a crash.

 

Error - 2007-10-25 19:03:39 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 651

seconds with 600 seconds of active time. This session ended with a crash.

 

Error - 2007-10-31 18:12:00 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 587

seconds with 540 seconds of active time. This session ended with a crash.

 

Error - 2008-06-11 22:07:52 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2008-06-11 22:08:28 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2008-06-11 22:08:45 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2008-06-14 08:44:26 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 316 seconds with 180 seconds of active time. This session ended with a crash.

 

Error - 2008-08-06 19:50:15 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5837

seconds with 600 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DHCP depende do serviço NetBios em Tcpip, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DNS depende do serviço Driver de protocolo TCP/IP,

mas não foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = O serviço Auxiliar NetBIOS TCP/IP depende do serviço AFD, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = O serviço Serviços IPSEC depende do serviço Driver IPSEC, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

 

Error - 2008-12-18 19:20:35 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

 

Error - 2008-12-18 21:34:59 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

 

Error - 2008-12-19 13:30:08 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

 

Error - 2008-12-19 15:33:16 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

 

Error - 2008-12-20 08:11:58 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM

e o Gerenciador de controle de serviços apropriou-se da chave.

 

 

< End of report >

-----------------


Afterwards I installed the antivirus... here is the log:


Avira AntiVir Personal

Report file date: 2008-12-20 11:09

 

Scanning for 1106377 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: FLAVIA

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 11:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 10:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 15:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 10:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 14:30:36

ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 2008-12-07 13:07:37

ANTIVIR2.VDF : 7.1.0.250 342528 Bytes 2008-12-18 13:07:50

ANTIVIR3.VDF : 7.1.1.14 95232 Bytes 2008-12-19 13:07:53

Engineversion : 8.2.0.45

AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 13:05:56

AESCRIPT.DLL : 8.1.1.19 336252 Bytes 2008-12-20 13:08:38

AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-07 18:06:41

AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 16:58:38

AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-11 12:41:39

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2008-12-20 13:08:34

AEHEUR.DLL : 8.1.0.75 1524087 Bytes 2008-12-20 13:08:31

AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-12-20 13:08:12

AEGEN.DLL : 8.1.1.8 323956 Bytes 2008-12-20 13:08:08

AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 13:05:56

AECORE.DLL : 8.1.5.2 172405 Bytes 2008-12-20 13:07:57

AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 13:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 11:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 12:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 15:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 14:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 11:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 15:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 20:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 15:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 15:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 16:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 16:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\arquivos de programas\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: 2008-12-20 11:09

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'OTViewIt.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'jucheck.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned

Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned

Scan process 'InCD.exe' - '1' Module(s) have been scanned

Scan process 'VM305_STI.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'gbpsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

40 processes with 40 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '61' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Administrador\Configurações locais\Temp\Chineses.pps.zip

[0] Archive type: ZIP

--> Chineses.pps.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.dvlp.1 back-door program

[NOTE] The file was deleted!

C:\Documents and Settings\Administrador\Configurações locais\Temp\Rar$DI01.578\curriculo.com

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

[NOTE] The file was deleted!

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\9VEIGFF9\curriculo[1].zip

[0] Archive type: ZIP

--> curriculo.com

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP255\A0040655.SYS

[DETECTION] Is the TR/Killfiles.TX Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040712.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040712.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040713.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040713.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040714.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040714.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040715.com

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040715.com

[DETECTION] Is the TR/Banload.Z Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040716.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040716.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040717.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040717.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040718.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040718.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040719.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040719.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040720.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040720.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040721.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040721.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040722.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040722.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040723.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040723.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040724.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040724.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040725.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040725.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040726.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040726.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040727.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040727.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040728.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040728.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040729.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040729.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040730.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040730.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040731.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040731.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040732.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040732.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040733.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040733.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040734.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040734.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040735.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040735.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040736.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040736.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040737.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040737.exe

[DETECTION] Contains recognition pattern of the WORM/Muha.A worm

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040739.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040739.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040740.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040740.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040741.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040741.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040742.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040742.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040743.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040743.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040744.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040744.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040745.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040745.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040746.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040746.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040747.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040747.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040748.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040748.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040749.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040749.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040750.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040750.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040751.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040751.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040752.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040752.exe

[DETECTION] Is the TR/Spy.Banker.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040753.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040753.exe

[DETECTION] Is the TR/Killfiles.TN Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040754.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040754.exe

[DETECTION] Is the TR/Spy.Banker.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040755.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040755.exe

[DETECTION] Is the TR/Spy.Banker.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040756.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040756.exe

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040757.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040757.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040759.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040759.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040760.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040760.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040761.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040761.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040762.exe

[DETECTION] Contains HEUR/Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '497cf456.qua'!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040764.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040764.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040766.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040766.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040767.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040767.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040768.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040768.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040769.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040769.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040770.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040770.exe

[DETECTION] Is the TR/Spy.Banker.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040771.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040771.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040772.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040772.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040773.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040773.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040774.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040774.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040775.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040775.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040776.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040776.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040777.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040777.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040778.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040778.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040779.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040779.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040780.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040780.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040781.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040781.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040782.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040782.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040783.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040783.exe

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040784.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040784.exe

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040785.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040785.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040786.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040786.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040787.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040787.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040788.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040788.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040789.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040789.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040790.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040790.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040791.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040791.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040792.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040792.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040793.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040793.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040794.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040794.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040795.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040795.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040796.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040796.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040797.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040797.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040798.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040798.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040799.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040799.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040800.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040800.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040801.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040801.exe

[DETECTION] Is the TR/Drop.Muha.462027 Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040803.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040803.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040804.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040804.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040805.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040805.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040806.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040806.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040807.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040807.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP300\A0052604.dll

[DETECTION] Is the TR/Banker.Banbra.flo Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP300\A0052605.dll

[DETECTION] Is the TR/Spy.Gen Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP300\A0052606.exe

[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper

[NOTE] The file was deleted!

C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP300\A0052607.exe

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] The file was deleted!

Begin scan in 'D:\' <Novo volume>

D:\Incomplete\Preview-T-3545425-beber cair e fazer creu.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

D:\Incomplete\Preview-T-5745425-beber cair e fazer creu.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

D:\Incomplete\T-3545425-beber cair e fazer creu.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

D:\Incomplete\T-460090-coyote girls sexy girl has shaking orgasm during ---.mpg

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

D:\MP3\coyote girls.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

D:\MP3\Seal - Future Love Paradise.wma

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

D:\pen drive\jfk\jfk.rar

[0] Archive type: RAR

--> 3D SexVilla\3DSexVillaInstall.exe

[DETECTION] Is the TR/Agent.3463217 Trojan

--> 3D SexVilla\Launcher\fc3DSexVillaRun.exe

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] The file was deleted!

D:\programas\aresmp3free.exe

[DETECTION] Contains recognition pattern of the DR/Relevant.I.74 dropper

[NOTE] The file was deleted!

D:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP305\A0057859.exe

[DETECTION] Contains recognition pattern of the DR/Relevant.I.74 dropper

[NOTE] The file was deleted!

 

 

End of the scan: 2008-12-20 11:52

Used time: 43:15 Minute(s)

 

The scan has been done completely.

 

6117 Scanning directories

280157 Files were scanned

108 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

107 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

280047 Files not concerned

3023 Archives were scanned

1 Warnings

108 Notes

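As an added example for this thread (not the poster's code and not anything shipped by Avira): a small Python parser for the AntiVir report format pasted above. It walks the report's own layout (an on-disk path line, an optional "[0] Archive type:" line, optional "-->" member lines, one "[DETECTION]" line per member and a trailing "[NOTE]" line that applies to the whole on-disk file), tallies hits by signature and volume, and separates System Restore snapshot copies (paths under `System Volume Information\_restore{...}\RPnnn`) from files that were live on disk. The sample input is a constructed excerpt of the log above, and every regex, class and function name is the example's own.

```python
"""Triage an Avira AntiVir report pasted as plain text (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"\[DETECTION\]\s+(?:Is the|Contains recognition pattern of the)\s+(\S+)"
)
NOTE_RE = re.compile(r"^\[NOTE\]\s+(.*)$")
# System Restore keeps copies of replaced files under _restore{GUID}\RPnnn.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.I
)
DELETED = "The file was deleted!"


@dataclass
class Hit:
    path: str                     # file (or archive) on disk
    member: Optional[str]         # path inside the archive, if any
    signature: str                # e.g. TR/Crypt.CFI.Gen
    note: Optional[str]           # the [NOTE] line, once seen
    restore_point: Optional[int]  # RPnnn number, or None for a live file

    @property
    def volume(self) -> str:
        return self.path[:2].upper()


def parse_report(text: str) -> list[Hit]:
    hits: list[Hit] = []
    path: Optional[str] = None
    member: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):          # a new on-disk object
            path, member = line, None
            continue
        if line.startswith("-->"):
            # Plain files are repeated as "FIL\\?\<path>"; only a real
            # archive member carries a different name.
            inner = line[3:].strip()
            member = None if inner.startswith("FIL\\") else inner
            continue
        m = DETECTION_RE.search(line)
        if m and path is not None:
            rp = RESTORE_RE.search(path)
            hits.append(Hit(path, member, m.group(1), None,
                            int(rp.group(1)) if rp else None))
            continue
        m = NOTE_RE.match(line)
        if m:
            # One [NOTE] per on-disk file, even when several members hit
            # (the whole jfk.rar is what gets deleted, not one member).
            for h in hits:
                if h.path == path and h.note is None:
                    h.note = m.group(1)
    return hits


def summarize(hits: list[Hit]) -> dict:
    """Counts a responder wants before deciding what is still live."""
    return {
        "total": len(hits),
        "by_signature": Counter(h.signature for h in hits),
        "by_volume": Counter(h.volume for h in hits),
        "restore_points": sorted({h.restore_point for h in hits
                                  if h.restore_point is not None}),
        "live": [h for h in hits if h.restore_point is None],
        "not_deleted": [h for h in hits if h.note != DELETED],
    }


# Constructed excerpt of the report above (blank spacer lines omitted).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040799.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP256\A0040799.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP300\A0052604.dll
[DETECTION] Is the TR/Banker.Banbra.flo Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Novo volume>
D:\MP3\Seal - Future Love Paradise.wma
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
D:\pen drive\jfk\jfk.rar
[0] Archive type: RAR
--> 3D SexVilla\3DSexVillaInstall.exe
[DETECTION] Is the TR/Agent.3463217 Trojan
--> 3D SexVilla\Launcher\fc3DSexVillaRun.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was deleted!
D:\programas\aresmp3free.exe
[DETECTION] Contains recognition pattern of the DR/Relevant.I.74 dropper
[NOTE] The file was deleted!
"""

if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(s["total"], "hits;", len(s["live"]), "on live paths;",
          "restore points touched:", s["restore_points"])
    for h in s["live"]:
        print(" ", h.signature, "->", h.path, h.member or "")
```

The split matters for the follow-up: the RP256/RP300 entries were never executing, but they would come back with a System Restore rollback, which is why the usual advice after a cleanup is to flush the old restore points and create a fresh one. The "not_deleted" list is the one to read first on a real report, since anything AntiVir could only quarantine or could not scan is still on disk.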

And now I ran OTViewIt again....

 

OTViewIt Extras logfile created on: 2008-12-20 19:00:26 - Run 2

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.51% Memory free

3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.28% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 39.06 Gb Total Space | 22.92 Gb Free Space | 58.69% Space Free | Partition Type: NTFS

Drive D: | 109.98 Gb Total Space | 70.84 Gb Free Space | 64.41% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 1.92 Gb Total Space | 1.92 Gb Free Space | 100.00% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FLAVIA

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 00:21:17 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 16:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 12:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 00:21:17 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-05-21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008-05-21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2008-09-18 16:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire

File not found -- C:\Arquivos de programas\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II

File not found -- C:\Arquivos de programas\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations

File not found -- C:\Arquivos de programas\Counter-Strike Source\hl2.exe:*:Enabled:hl2

[2008-04-14 00:21:00 | 00,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz

[2008-04-14 00:21:17 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC

[2007-12-07 15:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype

[2005-05-06 22:47:08 | 02,224,128 | ---- | M] (www.BitLord.com) -- C:\Arquivos de programas\BitLord\BitLord.exe:*:Enabled:BitLord

File not found -- C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

File not found -- C:\Arquivos de programas\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

File not found -- c:\WINDOWS\Temp\~os2.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- C:\WINDOWS\Temp\~os6.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

[2008-04-13 16:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 12:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

File not found -- C:\WINDOWS\Temp\~os8.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- c:\WINDOWS\Temp\~os5.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- C:\WINDOWS\Temp\~osE.tmp\ossproxy.exe:*:Enabled:ossproxy.exe

File not found -- C:\Arquivos de programas\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-24 08:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2006-10-26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-12-07 15:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [iEProtocolHandler Class])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher

"{22B37FDE-A8DC-4F81-80F5-71809A6B9E64}"=ADPHONE3Upgrade

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3A417047-2E30-4D05-8977-F706D40BFF39}"=Windows Live installer

"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX

"{57383270-6F61-4DC8-A9B8-C1745FC29F38}"=USB PC Camera (SN9C102)

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{7784A172-61F1-445E-8368-601607E0DD22}"=MP3 Player Utilities 4.00

"{7FC2AF73-10ED-404E-84A8-636B452404FD}"=Realtek RTL8139 Diagnostics Program

"{862CFE72-7135-4491-94BB-28D0B7FFAA63}"=LG SyncAgent

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight

"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}"=Windows Live Messenger

"{90120000-0010-0416-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}"=Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0416-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0416-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0416-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0416-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0416-0000-0000000FF1CE}"=Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0416-0000-0000000FF1CE}"=Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0416-0000-0000000FF1CE}"=Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0416-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0416-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0416-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00B2-0416-0000-0000000FF1CE}"=Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007

"{90120000-00BA-0416-0000-0000000FF1CE}"=Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{AC76BA86-7AD7-1046-7B44-A81200000003}"=Adobe Reader 8.1.2 - Português

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistente de Conexão do Windows Live

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution

"{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1"=CoolSMS 2.06 beta

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs

"{CD89BDD5-E758-42D5-B34B-C149F88CE515}"=Look 316

"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader

"{DBB7664B-6BAD-43F9-95E8-3D3E4E3FE9C4}"=ADPHONE3

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}"=The Simpsons Hit & Run

"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1"=BitPim 1.0.1

"219b3bb94d71729d119ee9ce52d76000"=Receitanet Java 2008.01a

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player Plugin

"Adobe Shockwave Player"=Adobe Shockwave Player

"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus

"BitLord"=BitLord 1.1

"DVD Shrink_is1"=DVD Shrink 3.2

"ENTERPRISE"=Microsoft Office Enterprise 2007

"EVEREST Home Edition_is1"=EVEREST Home Edition v1.51

"GTK 2.0"=Ambiente de tempo de execução do GTK+ 2.12.8 rev a (apenas remover)

"HDMI"=Intel® Graphics Media Accelerator Driver

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InCD!UninstallKey"=InCD

"IRPF2008 - Declaração de Ajuste Anual"=IRPF2008 - Declaração de Ajuste Anual

"LimeWire"=LimeWire 4.18.8

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"MegauploadToolbar"=Megaupload Toolbar

"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey"=Nero OEM

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Pidgin"=Pidgin

"RealAlt_is1"=Real Alternative 1.60

"StarUML_is1"=StarUML 5.0.2.1570

"temasxp versão 1515 v1.0"=temasxp versão 15

"TOSHIBA Software Modem"=TOSHIBA Software Modem

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinRAR archiver"=Arquivo do WinRAR

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"WMV9_VCM"=Microsoft Windows Media Video 9 VCM

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"XP Codec Pack"=XP Codec Pack

"Zylom Games Player Plugin"=Zylom Games Player Plugin

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome"=Google Chrome

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome"=Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-11-23 16:53:07 | Computer Name = FLAVIA | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting module unknown, version 0.0.0.0, fault address 0x70706f68.

Error - 2008-11-23 19:02:47 | Computer Name = FLAVIA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2008-11-23 19:02:52 | Computer Name = FLAVIA | Source = Application Hang | ID = 1001

Description = Fault bucket 939517030.

Error - 2008-11-23 19:13:12 | Computer Name = FLAVIA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2008-12-02 08:02:17 | Computer Name = FLAVIA | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting module mshtml.dll, version 7.0.6000.16735, fault address 0x000bdac1.

Error - 2008-12-05 23:00:39 | Computer Name = FLAVIA | Source = ESENT | ID = 485

Description = msnmsgr (2056) An attempt to delete the file "\\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\flaviaelaine@gmail.com\SharingMetadata\Working\database_5E6C_6070_6C60_44BD\tmp.stm" failed with system error 123 (0x0000007b): "The filename, directory name, or volume label syntax is incorrect." The delete file operation will fail with error -1022 (0xfffffc02).

Error - 2008-12-08 22:33:43 | Computer Name = FLAVIA | Source = ESENT | ID = 485

Description = msnmsgr (1932) An attempt to delete the file "\\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\flaviaelaine@gmail.com\SharingMetadata\Working\database_5E6C_6070_6C60_44BD\tmp.stm" failed with system error 123 (0x0000007b): "The filename, directory name, or volume label syntax is incorrect." The delete file operation will fail with error -1022 (0xfffffc02).

Error - 2008-12-09 16:12:51 | Computer Name = FLAVIA | Source = ESENT | ID = 485

Description = msnmsgr (2952) An attempt to delete the file "\\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\fcrombi@hotmail.com\SharingMetadata\Working\database_5E6C_6070_6C60_44BD\tmp.stm" failed with system error 123 (0x0000007b): "The filename, directory name, or volume label syntax is incorrect." The delete file operation will fail with error -1022 (0xfffffc02).

Error - 2008-12-15 18:55:17 | Computer Name = FLAVIA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2008-12-18 16:34:45 | Computer Name = FLAVIA | Source = Google Update | ID = 20

Description =

 

[ OSession Events ]

Error - 2007-09-19 23:12:35 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2007-10-25 18:52:40 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2027

seconds with 1260 seconds of active time. This session ended with a crash.

 

Error - 2007-10-25 19:03:39 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 651

seconds with 600 seconds of active time. This session ended with a crash.

 

Error - 2007-10-31 18:12:00 | Computer Name = FLAVIA-EC176C53 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 587

seconds with 540 seconds of active time. This session ended with a crash.

 

Error - 2008-06-11 22:07:52 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2008-06-11 22:08:28 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2008-06-11 22:08:45 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2008-06-14 08:44:26 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 316 seconds with 180 seconds of active time. This session ended with a crash.

 

Error - 2008-08-06 19:50:15 | Computer Name = FLAVIA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5837

seconds with 600 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error - 2008-12-18 19:17:56 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 2008-12-18 19:20:35 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = The GbpSv service's registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the registry key.

Error - 2008-12-18 21:34:59 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = The GbpSv service's registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the registry key.

Error - 2008-12-19 13:30:08 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = The GbpSv service's registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the registry key.

Error - 2008-12-19 15:33:16 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = The GbpSv service's registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the registry key.

Error - 2008-12-20 08:11:58 | Computer Name = FLAVIA | Source = Service Control Manager | ID = 7028

Description = The GbpSv service's registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the registry key.

 

 

< End of report >

-------------------

OTViewIt logfile created on: 2008-12-20 19:00:26 - Run 2

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.51% Memory free

3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.28% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 39.06 Gb Total Space | 22.92 Gb Free Space | 58.69% Space Free | Partition Type: NTFS

Drive D: | 109.98 Gb Total Space | 70.84 Gb Free Space | 64.41% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 1.92 Gb Total Space | 1.92 Gb Free Space | 100.00% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FLAVIA

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2005-06-10 18:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[2008-07-23 16:15:24 | 00,046,656 | ---- | M] () -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

[2006-08-14 15:41:28 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe

[2006-08-14 15:38:08 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe

[2007-02-02 01:42:16 | 16,050,688 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

[2005-08-05 16:15:04 | 00,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.exe

[2005-06-10 12:20:06 | 01,397,760 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCD.exe

[2004-05-10 18:37:16 | 00,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe

[2007-08-24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[2008-06-10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[2008-08-30 19:27:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[2008-06-10 05:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

[2008-12-18 09:10:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

[2007-10-18 12:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[2007-10-18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

[2008-12-20 10:46:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe

[2008-10-15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

[2008-10-15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

[2008-06-12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[2008-04-14 00:21:12 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

[2008-12-20 10:46:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

File not found -- -- (GbpSv [unknown | Running])

[2007-09-10 23:57:24 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005-06-10 18:19:38 | 00,869,888 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2007-08-24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2007-10-18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-03 00:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2008-10-15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])

[2008-10-15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

 

========== Driver Services ==========

 

[2007-02-02 01:42:10 | 01,155,584 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

[2008-04-17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2007-02-02 01:42:24 | 00,137,728 | R--- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006-08-14 17:00:24 | 01,109,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])

[2005-06-10 18:12:12 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2005-06-10 18:11:50 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [system | Running])

[2005-06-10 12:11:44 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [system | Running])

[2007-02-02 01:42:16 | 04,374,016 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2007-02-02 01:42:26 | 01,706,752 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])

[2008-04-13 16:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])

[2001-10-28 12:07:14 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])

[2001-10-28 12:07:14 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])

[2003-12-05 07:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])

[2001-10-28 12:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-02-02 01:42:12 | 00,081,920 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Stopped])

[2008-04-13 16:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2007-11-13 08:25:56 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2008-04-13 16:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Running])

[2008-04-13 16:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Running])

[2004-05-28 19:04:14 | 00,303,104 | ---- | M] () -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd [On_Demand | Stopped])

[2001-08-17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

[2007-02-02 01:42:11 | 00,162,560 | R--- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

[2004-05-03 11:47:12 | 00,020,092 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus [On_Demand | Stopped])

[2004-05-03 11:47:48 | 00,039,136 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgUsbDiag.sys -- (UsbDiag [On_Demand | Stopped])

[2004-05-03 11:48:30 | 00,041,664 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])

[2006-08-02 19:20:42 | 01,466,624 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305 [On_Demand | Stopped])

[2008-05-20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])

[2007-02-27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])

[2008-10-30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [system | Running])

[2007-03-01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [system | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=&http://home.microsoft.com/intl/br/access/allinone.asp

"Start Page"=http://www.google.com.br/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=&http://home.microsoft.com/intl/br/access/allinone.asp

"Start Page"=http://www.google.com.br/

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

{C41A1C0E-EA6C-11D4-B1B8-444553540000} (HKLM) -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Arquivos de programas\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)

"BigDog305"=C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) (Vimicro)

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe (Nero AG)

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found

"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)

"snpstd"=C:\WINDOWS\vsnpstd.exe ()

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoolSMS"= File not found

"Google Update"="C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

"PowerBar"= File not found

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoolSMS"= File not found

"Google Update"="C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

"PowerBar"= File not found

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

========== (O4) Startup Folders ==========

 

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableRegistryTools"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableRegistryTools"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

Add to AMV Convert Tool...: C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html [2006-02-16 10:37:38 | 00,000,890 | ---- | M] ()

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

MediaManager tool grab multimedia file: C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html [2006-02-15 09:30:44 | 00,000,890 | ---- | M] ()

 

[HKEY_USERS\S-1-5-21-839522115-2000478354-2147074499-500\Software\Microsoft\Internet Explorer\MenuExt\]

Add to AMV Convert Tool...: C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html [2006-02-16 10:37:38 | 00,000,890 | ---- | M] ()

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

MediaManager tool grab multimedia file: C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html [2006-02-15 09:30:44 | 00,000,890 | ---- | M] ()

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Enviar para o OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: &Enviar para o OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 15:08:02 | 01,377,576 | ---- | M] (Skype Technologies S.A.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 16:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object

{83AFB5CA-ED35-11D4-A452-0080C8D85045}: http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab -- GameDesire Poker Games

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab -- PhotoPickConvert Class

{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}: http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab -- BatchDownloader Class

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}: https://imagem.caixa.gov.br/cab/gbpdist.cab -- GbpDistObj Class

{E62D1A95-8299-4B94-85D0-731DC125A60D}: http://chinchila.dyndns.org/ocx/IMMP4Control.cab -- IMMP4Control Control

{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}: https://secure.gopetslive.com/dev/GoPetsWeb.cab -- GoPetsWeb Control

 

========== (O17) DNS Name Servers ==========

 

{0F8781AD-216F-47B1-BF64-8CA426C2213E} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

{2805DC03-DDDC-4C5D-817A-FD45DBA3B7EE} (Servers: | Description: Adaptador de rede 1394)

{40334DF5-0895-4DD8-B765-4360622BB2DE} (Servers: | Description: )

{877FA2CA-F4B3-4C1D-81DB-408D66D4B339} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginBb: "DllName" = C:\ARQUIV~1\GbPlugin\gbieh.dll -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

GbPluginCef: "DllName" = C:\Arquivos de programas\GbPlugin\gbiehCef.dll -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll File not found

igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2007-09-07 15:03:50 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86c9b0f6-5d64-11dc-b493-ede68664be20}\Shell\AutoRun\command]

""=mp3.exe

 

========== Files/Folders - Created Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

[2008-12-20 11:05:59 | 00,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk

[2008-12-20 11:05:51 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2008-12-20 11:05:51 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2008-12-20 11:05:51 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2008-12-20 11:05:49 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2008-12-20 11:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

[2008-12-20 11:05:49 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avira

[2008-12-20 10:59:36 | 22,058,104 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\antivir_workstation_winu_en_h.exe

[2008-12-20 10:46:07 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe

[2008-12-18 23:32:56 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31728.exe

[2008-12-18 23:32:56 | 00,000,000 | ---D | C] -- C:\ComboFix

[2008-12-18 21:18:07 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5306.exe

[2008-12-18 21:12:25 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4196.exe

[2008-12-18 21:09:57 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2008-12-18 21:09:55 | 00,261,856 | ---- | C] () -- C:\cmldr

[2008-12-18 21:09:52 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2008-12-18 21:06:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2008-12-18 21:06:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2008-12-18 21:06:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2008-12-18 21:06:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008-12-18 21:06:23 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2008-12-18 21:06:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008-12-18 21:06:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008-12-18 21:06:23 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008-12-18 21:06:23 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2008-12-18 21:06:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2008-12-18 21:06:20 | 00,000,000 | ---D | C] -- C:\Qoobox

[2008-12-18 21:06:19 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3004.exe

[2008-12-18 21:04:47 | 02,885,135 | R--- | C] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2008-12-16 20:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

[2008-12-16 20:42:36 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-12-16 20:42:36 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-16 20:42:34 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-16 20:42:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2008-12-16 20:42:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2008-12-16 20:37:55 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup.exe

[2008-12-14 12:56:21 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrador\Desktop\~$rterinha.doc

[2008-12-14 02:12:48 | 00,001,840 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\HijackThis.lnk

[2008-12-14 02:01:07 | 00,178,591 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Administrador\Desktop\bankerfix.exe

[2008-12-10 18:40:28 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-07 11:19:03 | 00,007,071 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\N360BUOptions.ini

[2008-12-02 09:29:27 | 00,000,001 | -HS- | C] () -- C:\MSDOS.INF

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[1 C:\Documents and Settings\Administrador\Desktop\*.tmp files]

[2008-12-20 11:49:13 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008-12-20 11:31:07 | 00,060,416 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-20 11:05:59 | 00,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk

[2008-12-20 11:04:46 | 22,058,104 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\antivir_workstation_winu_en_h.exe

[2008-12-20 10:46:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe

[2008-12-20 10:12:00 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-20 10:11:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-20 10:11:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-18 23:32:52 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31728.exe

[2008-12-18 21:18:01 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5306.exe

[2008-12-18 21:12:21 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4196.exe

[2008-12-18 21:09:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2008-12-18 21:06:16 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3004.exe

[2008-12-18 21:06:03 | 02,885,135 | R--- | M] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2008-12-18 18:35:30 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008-12-16 21:25:51 | 00,001,840 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\HijackThis.lnk

[2008-12-16 20:42:36 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-16 20:42:08 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup.exe

[2008-12-14 15:44:01 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\carterinha.doc

[2008-12-14 12:56:21 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrador\Desktop\~$rterinha.doc

[2008-12-14 02:01:09 | 00,178,591 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Administrador\Desktop\bankerfix.exe

[2008-12-13 04:37:59 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 04:37:59 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-10 18:42:25 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-10 18:40:28 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-08 19:24:29 | 04,240,132 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db

[2008-12-07 11:19:03 | 00,007,071 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\N360BUOptions.ini

[2008-12-03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-12-02 19:26:30 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-02 09:29:27 | 00,000,001 | -HS- | M] () -- C:\MSDOS.INF

[2008-11-29 02:57:45 | 00,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI

< End of report >

 

 

 

-----------

Thank you for now... I await further information.

 

I got a little lost with so many logs... is any of them missing?


Go to Start > Run, type (or copy and paste): sysdm.cpl and press Enter. Click the System Restore tab and check the option Turn off System Restore > OK. Leave this option checked for now.

 

Open Notepad on your computer (Start > All Programs > Accessories > Notepad) and paste the content below into it. Save it on your desktop with the name rem.reg

 

REGEDIT4

 

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86c9b0f6-5d64-11dc-b493-ede68664be20}\Shell\AutoRun\command]

 

Double-click the file you created and click Yes on the message that appears.

 

Using the Internet Explorer browser, open the Kaspersky Online Scanner and run an online scan following the tutorial below.

 

Kaspersky Online Scanner Tutorial

 

When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, December 22, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, December 22, 2008 21:52:41

Records in database: 1501730

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 80181

Threat name: 2

Infected objects: 2

Suspicious objects: 0

Duration of the scan: 01:06:49

 

 

File name / Threat name / Threats count

C:\Arquivos de programas\MP3 Player Utilities 4.00\DelDrv.exe Infected: not-a-virus:RiskTool.Win32.Deleter.e 1

C:\Documents and Settings\Administrador\Configurações locais\Temp\Av-test.txt Infected: EICAR-Test-File 1

 

The selected area was scanned.


Hi Flávia, we are now finishing up the procedures.

 

Step 1

 

- Download CCleaner and install the program (without installing the Yahoo toolbar at the end of the installation).

 

- Close all open windows, run the program once it is installed, and click Analyze > Run Cleaner;

- After that, go to My Computer and click the Tools menu > Folder Options > View. Check the option Show hidden files and folders and uncheck the option Hide extensions for known file types > OK.

Go to the folder below and delete the file I highlighted in red (if it is still in the folder):

 

C:\Documents and Settings\Administrador\Configurações locais\Temp > Av-test.txt.

 

Next, go to Start > Run, type (or copy and paste): sysdm.cpl and press Enter. Click the System Restore tab and uncheck the option Turn off System Restore > OK.

 

 

Step 2

 

 

- Download Dr.Web CureIt and save it to the desktop;

 

● Run the file drweb-cureit.exe;

● Click Start and choose the express scan;

● If any infected file is found, click the Yes button to trigger the cure.

● When the quick scan finishes, click Options > Change Settings.

● On the Scan tab, uncheck Heuristic Analysis and confirm!

● Back in the main window, check the drives you want to examine

● Select them all! A red dot will indicate the selected drives.

● Click the green arrow to start the scan.

 


 

● If you are prompted to cure/move a file, click Yes to all.

● When the scan finishes, check whether the "objects found" icon is enabled.

● If it is, click it!

● Next, click the icon just below it and select: Move incurable

 


 

● If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.

● Once that is done, go to the top menu and click Files > Save file lists.

● Save the list to the desktop ( DrWeb.csv ) <-- Report to post!

● Close the program!

● Restart the computer so that the program finishes deleting/moving the files that were in use.

 

In your next reply I need a new HijackThis log and the Dr.Web CureIt log.

 

Note: the Dr.Web CureIt log may be somewhat long; if it turns out really large, upload it to the host below and paste the download link in your reply:

 

http://rapidshare.com/


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:37, on 2008-12-24

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\VM305_STI.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.0.6:3128

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://chinchila.dyndns.org/ocx/IMMP4Control.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 9862 bytes

---------------------------------------------------

ADPHONE.exe C:\Arquivos de programas\ADPHONE3 Modificação de BackDoor.Generic.1353 Movido.

Zip.SFX C:\Arquivos de programas\WinRAR Trojan.DownLoad.22242 Eliminado.

psexec.cfexe C:\ComboFix Program.PsExec.171 Incurável.Movido.

stream002\adphone.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Downloaded Installations\{22EE0DEC-A692-49BB- Modificação de BackDoor.Generic.1353

stream002 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Downloaded Installations\{22EE0DEC-A692-49BB- O arquivo contém objectos infectados

ADPHONE3Upgrade.msi C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Downloaded Installations\{22EE0DEC-A692-49BB- O arquivo contém objectos infectados Movido.

data002\32788R22FWJFW\psexec.cfexe C:\Documents and Settings\Administrador\Desktop\ComboFix.exe\data002 Program.PsExec.171

data002 C:\Documents and Settings\Administrador\Desktop\ComboFix.exe O arquivo contém objectos infectados

ComboFix.exe C:\Documents and Settings\Administrador\Desktop O arquivo contém objectos infectados Movido.

Dc2.txt C:\RECYCLER\S-1-5-21-839522115-2000478354-2147074499-500 EICAR Test File (NOT a Virus!) Incurável.Movido.

A0000004.exe C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP1 Modificação de BackDoor.Generic.1353 Movido.

stream002\adphone.exe C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP1\A0000005.msi\stream002 Modificação de BackDoor.Generic.1353

stream002 C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP1\A0000005.msi O arquivo contém objectos infectados

A0000005.msi C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP1 O arquivo contém objectos infectados Movido.

data002\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP1\A0000006.exe\data002 Program.PsExec.171

data002 C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP1\A0000006.exe O arquivo contém objectos infectados

A0000006.exe C:\System Volume Information\_restore{68613A5A-D3AF-4A66-B13B-8F11145C3E0A}\RP1 O arquivo contém objectos infectados Movido.

-------------------------------

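The HijackThis log above is read by hand in this thread. As an added example (not HijackThis code and not from this forum), the Python script below applies a few of the same triage checks to sample lines copied from that log; the heuristics and the dynamic-DNS suffix list are assumptions chosen for illustration, not HijackThis rules.

```python
"""Triage of HijackThis 2.0.2 log lines: an added example, not HijackThis code.
Assumed heuristics, chosen for the log posted in this thread: entries whose target
file is missing, Run values that name a bare executable with no path, and ActiveX
downloads (O16 DPF) served from a raw IP address or a dynamic-DNS host."""
import ipaddress
import re
from urllib.parse import urlparse

# Assumed, non-exhaustive suffix list for the dynamic-DNS check.
DYNAMIC_DNS_SUFFIXES = (".dyndns.org", ".no-ip.org", ".no-ip.biz")

_O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((?P<desc>[^)]*)\) - (?P<url>\S+)")

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://chinchila.dyndns.org/ocx/IMMP4Control.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)
"""


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _first_token(cmd: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list:
    """Return (section, reason, line) for every line that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        # Dangling entry: the registry still points at a component that is gone.
        if section in ("O2", "O20", "O23") and ("(no file)" in line or "(file missing)" in line):
            findings.append((section, "references a missing file", line))
            continue
        m = _O4_RE.match(line)
        if m:
            exe = _first_token(m.group("cmd"))
            # A bare name is resolved through the search path, so the binary must be located before it can be judged.
            if "\\" not in exe and not exe.startswith("%"):
                findings.append((section, "Run value uses an unqualified executable name", line))
            continue
        m = _O16_RE.match(line)
        if m:
            host = (urlparse(m.group("url")).hostname or "").lower()
            if _is_ip_literal(host):
                findings.append((section, "ActiveX control served from a raw IP address", line))
            elif host.endswith(DYNAMIC_DNS_SUFFIXES):
                findings.append((section, "ActiveX control served from a dynamic-DNS host", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A flagged line is only a prompt to locate and verify the file; in this thread the unqualified RTHDCPL.EXE turned out to be a legitimate audio component.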

Go to Start > Run, type: combofix /u and press Enter. In the next window click Run to remove the ComboFix tool.

 

Turn System Restore off and then on again.

 

- Download ToolsCleaner and save it to the desktop;

 

- Close all open windows and double-click the program's icon to run it:

- Click the Recherche button to start the scan and wait:

- When the scan finishes, the items to be removed will be listed;

- Click the Suppression button to remove the items found, then click Quitter so the program closes and the log is generated;

- The log will be at C:\TCleaner.txt.

 

Paste this ToolsCleaner log in your next reply.

 

The logs appear to be clean. How is the machine?


MGuitar, here is the log!

 

[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

 

-->- Recherche:

 

C:\Combofix: trouvé !

C:\!Killbox: trouvé !

C:\Qoobox: trouvé !

C:\Arquivos de programas\Trend Micro\HijackThis: trouvé !

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Arquivos de programas\Trend Micro\HijackThis\hijackthis.log: trouvé !

C:\ComboFix\Combofix.txt: trouvé !

C:\Documents and Settings\Administrador\Desktop\HijackThis.lnk: trouvé !

C:\Documents and Settings\Administrador\Desktop\OTViewIt.txt: trouvé !

C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe: trouvé !

C:\Documents and Settings\Administrador\Desktop\Atalhos não utilizados da área de trabalho\HijackThis.lnk: trouvé !

C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\ComboFix.exe: trouvé !

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HijackThis\HijackThis.lnk: trouvé !

C:\Hijack\HJTInstall.exe: trouvé !

C:\WINDOWS\NIRCMD.exe: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\Documents and Settings\Administrador\Desktop\HijackThis.lnk: supprimé !

C:\Documents and Settings\Administrador\Desktop\Atalhos não utilizados da área de trabalho\HijackThis.lnk: supprimé !

C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\ComboFix.exe: supprimé !

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HijackThis\HijackThis.lnk: supprimé !

C:\Hijack\HJTInstall.exe: supprimé !

C:\Arquivos de programas\Trend Micro\HijackThis\hijackthis.log: supprimé !

C:\ComboFix\Combofix.txt: supprimé !

C:\Documents and Settings\Administrador\Desktop\OTViewIt.txt: supprimé !

C:\Documents and Settings\Administrador\Desktop\OTViewIt.exe: supprimé !

C:\WINDOWS\NIRCMD.exe: supprimé !

C:\Combofix: supprimé !

C:\!Killbox: supprimé !

C:\Qoobox: supprimé !

C:\Arquivos de programas\Trend Micro\HijackThis: supprimé !

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HijackThis: supprimé !

 

 

----------------

 

 

My computer is fine again!!! I no longer send e-mails by accident!!!!

Thank you so much!!!!

 

I wish you and your family a merry Christmas and a New Year full of achievements!!!!

 

Thank youuuu!!!!


Flavia Elaine,

 

Delete the ToolsCleaner tool and its log. Also delete the Dr.Web CureIt program if it is still there.

 

The logs are clean.

 

Merry Christmas and a happy New Year to you and your family too. Lots of health, peace and achievements for all of you. :thumbsup:

 

A big hug


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
