[Resolvido!] Ferramenta de remoção de software mal intencinado?

[carol2906 0]

Olá DigRam

 

Fiz como você falou, instalei o SP3 e o IE8, mas não deu o erro que tinha que dar e depois que o pc foi reiniciado continuou dando a mesma mensagem de antes...

Até mais.

[DigRam 144]

Olá DigRam

 

Fiz como você falou, instalei o SP3 e o IE8, mas não deu o erro que tinha que dar e depois que o pc foi reiniciado continuou dando a mesma mensagem de antes...

Até mais.

---------------------

Opa! carol2906

 

<!> Façamos a pesquisa,na busca por malwares que infectam executáveis e podem causar o erro.

---------------------

<@> Baixe: < >

<@> Salve-o no desktop!

<@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

<@> Na janela que abrir,clique em Iniciar --> OK.

<@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda!

<@> Terminando,marque a caixa de "Verificação Completa".

 

Neste modo são verificados os seguintes objectos:

 

* Sectores de Arranque de Todos os Discos. <--

 

* Todas as Unidades Removíveis. <--

 

* Todos os Discos Locais. <--

<@> Clique em "Iniciar verificação" --> Aguarde!

<@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

<@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

<@> Procure salvá-lo em um local adequado. ( DrWeb.csv )

<@> Poste: DrWeb.csv + HijackThis,atualizado.

 

Abraços!

[carol2906 0]

Seguem os logs do hijackthis e drweb,

Não surgiu mensagem pra desinfectar no drweb...

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48, on 2009-02-02

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\Karol\Desktop\drweb-cureit.exe

C:\DOCUME~1\Karol\CONFIG~1\Temp\RarSFX0\_start.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\DOCUME~1\Karol\CONFIG~1\Temp\RarSFX0\setup.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020909 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Windows Defender] VSFPNC

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-725345543-688789844-2147238677-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrador')

O4 - S-1-5-18 Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Register Genuine Fractals PrintPro 5.0.lnk = C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O4 - Global Startup: UP02.exe

O4 - Global Startup: Windows UpdateSP1.exe

O4 - Global Startup: Windows UpdateSP2.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send2/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

--

End of file - 14468 bytes

 

 

*******************************************************************************

 

 

windows updatesp1.exe c:\documents and settings\all users\menu iniciar\programas\inicializar Provavelmente DLOADER.Trojan

windows updatesp2.exe c:\documents and settings\all users\menu iniciar\programas\inicializar Provavelmente DLOADER.Trojan

Windows UpdateSP1.exe C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar Provavelmente DLOADER.Trojan

Windows UpdateSP2.exe C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar Provavelmente DLOADER.Trojan

removewga.exe C:\Documents and Settings\Karol\Desktop Tool.RemoveWGA

BOOTSEEK01.BAK C:\WINDOWS Provavelmente DLOADER.Trojan

BOOTSEEK02.BAK C:\WINDOWS Provavelmente DLOADER.Trojan

WindowsUpdateSP1.exe C:\WINDOWS Provavelmente DLOADER.Trojan

 

Ate mais.

[DigRam 144]

Boa Noite! carol2906

 

<!> Abra o HijackThis --> Clique: Do a system scan only

 

O4 - Global Startup: UP02.exe

O4 - Global Startup: Windows UpdateSP1.exe

O4 - Global Startup: Windows UpdateSP2.exe

 

<!> Marque,àcima,estas entradas. --> Clique em Fix checked. --> Sim!

-----------------------------

<@> Baixe: < OTMoveIt3 >

<@> Salve-o no desktop e,execute-o aí mesmo!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Files

c:\documents and settings\all users\menu iniciar\programas\inicializar\windows updatesp1.exe

c:\documents and settings\all users\menu iniciar\programas\inicializar\windows updatesp2.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows UpdateSP1.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows UpdateSP2.exe

C:\WINDOWS\WindowsUpdateSP1.exe

C:\WINDOWS\BOOTSEEK01.BAK

C:\WINDOWS\BOOTSEEK02.BAK

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copie e cole estas informações,entre os XXXXX...,para o campo ( clipboard ),da ferramenta.

<@> Ps: Área abaixo de "Paste Instructions for Items to be Moved".

<@> Clique em MoveIt.

<@> Na solicitação de reboot,confirme!

<@> Terminando,verifique o conteúdo texto da pasta: C:\_OTMoveIt\MovedFiles

<@> Copie e poste,seu relatório mais recente: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> Ps: Como a ferramenta não sobreescreve seus relatórios,há que observar o que foi gerado após sua execução.

 

Abraços!

[carol2906 0]

Seguem os relatórios :

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder c:\documents and settings\all users\menu iniciar\programas\inicializar\windows updatesp1.exe not found.

File/Folder c:\documents and settings\all users\menu iniciar\programas\inicializar\windows updatesp2.exe not found.

File/Folder C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows UpdateSP1.exe not found.

File/Folder C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows UpdateSP2.exe not found.

C:\WINDOWS\WindowsUpdateSP1.exe moved successfully.

C:\WINDOWS\BOOTSEEK01.BAK moved successfully.

C:\WINDOWS\BOOTSEEK02.BAK moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Karol\CONFIG~1\Temp\hpodvd09.log scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Karol\CONFIG~1\Temp\~DF7BDB.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Karol\CONFIG~1\Temp\~DF7DB1.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Karol\CONFIG~1\Temp\~DF7E33.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Karol\CONFIG~1\Temp\~DF7E72.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Karol\CONFIG~1\Temp\~DF7F98.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Karol\CONFIG~1\Temp\~DF7FD6.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6e0.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02022009_193734

 

*****************************************************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:41, on 2009-02-02

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020909 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Windows Defender] VSFPNC

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\Karol\Desktop\OTMoveIt3.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send2/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

--

End of file - 13348 bytes

[DigRam 144]

Boa Noite! carol2906

 

<!> Abra o OTMoveIt3 e clique em CleanUp --> Aguarde a remoção das ferramentas!

----------------------------

<@> Baixe: < ComboFix.exe > ( ...by sUBs )

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

---------------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[carol2906 0]

Seguem os logs:

 

ComboFix 09-02-02.04 - Karol 2009-02-03 8:23:22.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.479.194 [GMT -2:00]

Executando de: c:\documents and settings\Karol\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\gb.dll

c:\windows\system32\scpLIB.dll

c:\windows\system32\scpMIB.dll

c:\windows\system32\scpsssh2.dll

c:\windows\system32\sshib.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASUS

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))

.

 

2009-02-02 19:36 . 2009-02-02 19:36 <DIR> d-------- C:\backups

2009-02-02 08:54 . 2009-02-02 08:54 <DIR> d-------- c:\documents and settings\Karol\DoctorWeb

2009-02-01 22:14 . 2009-02-02 18:39 230,912 --a------ c:\windows\UP02.EXE

2009-02-01 19:22 . 2009-02-01 19:22 <DIR> d--h----- c:\windows\system32\GroupPolicy

2009-02-01 19:21 . 2009-02-01 19:21 30 --a------ C:\prefetch.bat

2009-02-01 19:03 . 2009-02-01 19:03 <DIR> d--hs---- c:\documents and settings\Karol\PrivacIE

2009-02-01 19:02 . 2009-02-01 19:02 <DIR> d--hs---- c:\documents and settings\Karol\IETldCache

2009-02-01 18:54 . 2009-02-01 18:56 <DIR> d--h-c--- c:\windows\ie8

2009-02-01 16:53 . 2009-02-01 16:57 <DIR> d-------- c:\windows\ServicePackFiles

2009-02-01 16:48 . 2006-12-28 12:01 19,569 --a------ c:\windows\003076_.tmp

2009-01-31 09:38 . 2009-01-31 09:38 <DIR> d-------- c:\windows\All Users

2009-01-30 21:54 . 2009-01-30 21:54 405,504 --a------ c:\windows\system32\snengine.exe

2009-01-30 21:54 . 2009-01-30 21:54 405,504 --a------ c:\windows\system32\snagos.exe

2009-01-30 21:54 . 2009-01-30 21:54 405,504 --a------ c:\windows\system32\scpibwct.bin

2009-01-30 21:54 . 2009-01-30 21:54 405,504 --a------ c:\windows\system32\scpiburl.bin

2009-01-30 21:54 . 2009-01-30 21:54 405,504 --a------ c:\windows\system32\scpibsig.bin

2009-01-30 21:54 . 2009-01-30 21:54 405,504 --a------ c:\windows\system32\scpibdns.bin

2009-01-30 21:54 . 2009-01-30 21:55 397,490 --a------ c:\windows\system32\wgaX2.dll

2009-01-30 13:38 . 2009-01-30 13:39 <DIR> d-------- c:\windows\system32\NtmsData

2009-01-30 12:12 . 2006-01-26 23:23 106,496 --a------ c:\windows\system32\atl71.dll

2009-01-30 12:00 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll

2009-01-29 08:25 . 2009-01-29 08:25 405,504 --a------ c:\windows\system32\scpIBCfg.bin

2009-01-26 20:59 . 2009-01-26 20:59 <DIR> d-------- c:\documents and settings\Karol\Dados de aplicativos\Unity

2009-01-26 20:07 . 2009-01-26 20:07 <DIR> d-------- c:\arquivos de programas\Unity

2009-01-15 02:22 . 2009-01-15 02:22 53,248 --------- c:\windows\system32\msrating.dll.mui

2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows\system32\mshta.exe.mui

2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows\system32\ie4uinit.exe.mui

2009-01-15 02:04 . 2009-01-15 02:04 18,944 -----c--- c:\windows\system32\dllcache\corpol.dll

2009-01-15 02:03 . 2009-01-15 02:03 724,992 -----c--- c:\windows\system32\dllcache\jscript.dll

2009-01-15 02:03 . 2009-01-15 02:03 420,352 -----c--- c:\windows\system32\dllcache\vbscript.dll

2009-01-13 18:31 . 2009-01-13 18:30 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-10 08:52 . 2009-01-10 08:52 <DIR> d-------- c:\documents and settings\Karol\Dados de aplicativos\Malwarebytes

2009-01-10 08:52 . 2009-01-10 08:52 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-09 19:26 . 2009-01-09 19:26 <DIR> d-------- C:\HiJackThis

2009-01-09 19:26 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe

2009-01-09 07:23 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-01-09 07:23 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-01-09 07:23 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-01-08 19:23 . 2009-01-08 19:23 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-01-08 19:22 . 2009-01-08 19:22 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework

2009-01-08 19:22 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys

2009-01-08 19:21 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-01-08 19:20 . 2009-01-08 19:20 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-01-08 19:18 . 2009-01-08 19:18 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2009-01-08 19:18 . 2009-01-08 19:23 <DIR> d-------- c:\arquivos de programas\Microsoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 12:19 --------- d-----w c:\documents and settings\Karol\Dados de aplicativos\LimeWire

2009-01-30 23:54 --------- d-----w c:\arquivos de programas\GbPlugin

2009-01-13 20:30 --------- d-----w c:\arquivos de programas\Java

2009-01-12 14:14 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-01-11 23:37 --------- d-----w c:\arquivos de programas\Google

2009-01-09 17:41 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-01-08 21:22 --------- d-----w c:\arquivos de programas\Windows Live

2008-12-27 01:37 --------- d-----w c:\arquivos de programas\Ares

2008-12-14 22:52 --------- d-----w c:\documents and settings\Karol\Dados de aplicativos\ZoomBrowser EX

2008-12-14 22:52 --------- d-----w c:\documents and settings\Karol\Dados de aplicativos\CameraWindowDC

2008-12-10 12:08 --------- d-----w c:\arquivos de programas\Flickr Uploadr

2008-12-09 11:43 --------- d-----w c:\arquivos de programas\Cryo

2008-12-05 15:56 --------- d-----w c:\documents and settings\Karol\Dados de aplicativos\HTML Executable

2008-12-05 15:56 --------- d-----w c:\arquivos de programas\Arquivos comuns\HTML Executable Viewer

2008-12-05 01:03 308,072 ----a-w c:\windows\WLXPGSS.SCR

2007-11-10 17:00 2 ----a-w c:\arquivos de programas\history.rcd

2007-08-18 22:34 533 ----a-w c:\arquivos de programas\UnInst.log

2005-12-13 17:36 3,072 ----a-w c:\arquivos de programas\shlres.dll

2005-07-01 23:44 114,688 ----a-w c:\arquivos de programas\mcvsshl.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2002-04-09 19:16 622,592 ----a-w c:\arquivos de programas\recorder.exe

1998-02-12 19:54 149,504 ----a-w c:\arquivos de programas\convert.dll

2008-01-16 11:17 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

"AdobeUpdater"="c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"CorelDRAW Graphics Suite 11b"="c:\arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 729088]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-13 136600]

"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"Acrobat Assistant 8.0"="c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\soundman.exe]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-05-26 295606]

Adobe Acrobat Synchronizer.lnk - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-01-30 405504]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-01-30 405504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

"Script"=C:\prefetch.bat

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus Organizer EasyClip.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Lotus Organizer EasyClip.lnk

backup=c:\windows\pss\Lotus Organizer EasyClip.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus QuickStart.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Lotus QuickStart.lnk

backup=c:\windows\pss\Lotus QuickStart.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus SmartCenter.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Lotus SmartCenter.lnk

backup=c:\windows\pss\Lotus SmartCenter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus SuiteStart.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Lotus SuiteStart.lnk

backup=c:\windows\pss\Lotus SuiteStart.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Register Genuine Fractals PrintPro 5.0.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Register Genuine Fractals PrintPro 5.0.lnk

backup=c:\windows\pss\Register Genuine Fractals PrintPro 5.0.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Karol^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=c:\documents and settings\Karol\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-26 31296]

R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-10-13 2944]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-08 55136]

R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]

R2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-06-10 31232]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-11-10 16512]

S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2007-05-26 99476]

S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2007-07-07 30368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-Uniblue RegistryBooster 2 - c:\arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

IE: Append to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

TCP: {1258BF82-97A1-47CC-B38D-07ECB68EC0A5} = 200.165.132.148 200.165.132.155

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.oifotos.com/custom/send2/ImageUploader5.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-03 08:30:22

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-725345543-688789844-2147238677-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{140AEECA-C77A-E180-A0EC-29B89A3878CB}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oafhblphmbmjefnjebfdnemdjmomoh"=hex:64,61,6b,6b,6e,62,63,6e,00,80

"oabijhgcfjlkeenlmglninhbnhjhgm"=hex:6b,61,6b,6b,62,63,70,63,68,6a,6a,67,62,6c,

6d,64,64,6f,6f,6e,6c,6b,00,00

"naljdfjgoonlcmhapbkhegahhfgk"=hex:6b,61,6b,6b,62,63,70,63,68,6a,6a,67,62,6c,

6d,64,64,6f,6f,6e,6c,6b,00,00

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

@DACL=(02 0000)

@="Internet Explorer User Accelerators"

"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"

"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"

"NoGPOListChanges"=dword:00000001

"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"

"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"

"RequiresSuccessfulRegistry"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]

@DACL=(02 0000)

@="802.3 Group Policy"

"DisplayName"=expand:"@dot3gpclnt.dll,-100"

"ProcessGroupPolicyEx"="ProcessLANPolicyEx"

"GenerateGroupPolicy"="GenerateLANPolicy"

"DllName"=expand:"dot3gpclnt.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]

@DACL=(02 0000)

@="Internet Explorer Machine Accelerators"

"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"

"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"

"NoGPOListChanges"=dword:00000001

"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"

"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"

"RequiresSuccessfulRegistry"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__GbPluginAbn]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"DllName"="c:\\Arquivos de programas\\GbPlugin\\gbiehabn.dll"

"Impersonate"=dword:00000000

"MaxWait"=dword:00000102

"Startup"="GbPluginEventStartup"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

@DACL=(02 0000)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(796)

c:\arquivos de programas\GBPLUGIN\gbiehcef.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\PSIService.exe

c:\arquivos de programas\Canon\CAL\CALMAIN.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\windows\system32\msiexec.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-02-03 8:38:17 - Máquina reiniciou [Karol]

ComboFix-quarantined-files.txt 2009-02-03 10:38:00

 

Pré-execução: 18 pasta(s) 11,954,774,016 bytes disponíveis

Pós execução: 18 pasta(s) 11,934,220,288 bytes disponíveis

 

307 --- E O F --- 2009-01-14 04:12:21

 

 

 

________________________________________________________________________________

___________

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:46, on 03/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020909 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send2/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

--

End of file - 12297 bytes

[DigRam 144]

Bom Dia! carol2906

 

<!> Como está o computador? O erro,ainda,permanece? :mellow:

-------------------------------

<!> Aplique este removedor,de resquícios do Norton.

 

< Norton Removal Tool (SymNRT) 2008.0.1.19 >

-------------------------------

<@> Baixe: < BankerFix 3.0 >

<@> Salve-o no Disco Local-C!

<@> Desabilite,temporariamente,o seu anti-vírus.

<@> Dê um duplo-clique sobre o bankerfix.exe.

<@> Ps: Execute o bankerfix.exe,apenas uma vez!Evitando,com isso,a sobrescrição de seu relatório.

<@> A janela do BankerFix 3.0,abrir-se-á com a seguinte pergunta: "Instalar o Bankerfix 3.0?" <-- Traduzido!

<@> Clique em Sim!

<@> Uma janela informando que o BankerFix 3.0 será baixado,via internet,abrir-se-á.

<@> Clique OK. <-- Aguarde!

<@> Na próxima janela,clique em OK.

<@> O BankerFix 3.0 será iniciado!

<@> Pressione qualquer tecla,para dar continuidade ao processo. <-- Aguarde!

<@> Terminado o scan,leia a mensagem na tela e aperte Enter.

<@> Habilite o seu anti-vírus.

<@> Retorne com o relatório,do BankerFix,que estará em: C:\LinhaDefensiva\relatorio.txt <--

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[carol2906 0]

Olá DigRam!

 

A mensagem ainda aparece, parece que não tem jeito de tirar aff... Até que ela não me atrapalha, mas tenho medo de deixar e depois dar algum problema maior né?...

 

Ah! e eu não tenho antivirus, eu tinha o mcaffe, mas meu irmão fuçou aqui e conseguiu a proeza de desinstalar... Me indicaram o Avira, eu instalei mas como o pc ficou muitoooo lento eu desinstalei de novo...

 

Segue o log do banker e hijack

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-02-03 - 16:44

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\scripts.ini

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\IIS_02.log

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

___________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:50, on 03/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020909 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send2/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

--

End of file - 13047 bytes

[DigRam 144]

Boa Noite! carol2906

 

A mensagem ainda aparece, parece que não tem jeito de tirar aff... Até que ela não me atrapalha, mas tenho medo de deixar e depois dar algum problema maior né?...

<!> O problema ( pop-up ),não está associado à malwares. E,dificilmente,irá piorar....ficará nisso,até que seja resolvido/delineado sua origem.

------------------------

<!> Voçê utilizou o Norton Removal Tool?

------------------------

<!> Abra o HijackThis --> Clique: Do a system scan only

 

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

 

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

 

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

<!> Marque-as e clique em Fix checked.

------------------------

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE <--

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE <--

------------------------

<!> O log do HijackThis,mostra 2 processos ( iexplore.exe ),sendo iniciados.

<!> Verifique,pelo Gerenciador de tarefas,se possuem tamanho diferentes,ou são instâncias abertas,de um mesmo executável.

------------------------

<!> Poste: HijackThis,atualizado.

 

Abraços!

[carol2906 0]

Olá DigRam

 

Obrigado pela paciência em me ajudar...

 

Você perguntou se utilizei o Norton Removal Tool, bom no link que você passou eu baixei um programa chamado Spyware Doctor... seria este mesmo ou fiz algo errado?

 

Sobre os processos Iexplore.exe, realmente existem 2, está escrito o seguinte:

iexplore.exe karol 00 69.900k

iexplore.exe karol 00 4.688k

 

Segue o log do Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:00, on 04/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\taskmgr.exe

C:\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020909 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send2/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

--

End of file - 12603 bytes

[DigRam 144]

Bom Dia! carol2906

 

Obrigado pela paciência em me ajudar...

<!> A minha paciência é inesgotável! ^_^

 

Você perguntou se utilizei o Norton Removal Tool, bom no link que você passou eu baixei um programa chamado Spyware Doctor... seria este mesmo ou fiz algo errado?

<!> Era para baixar a ferramenta que remove ficheiros do Norton,e voçê instalou o SpywareDoctor.

<!> Mas...não se preocupe,pois é um ótimo antispyware. Voçê já o executou?

 

Sobre os processos Iexplore.exe, realmente existem 2, está escrito o seguinte:

iexplore.exe karol 00 69.900k

iexplore.exe karol 00 4.688k

<!> Isso,também,está ocorrendo comigo..desde a instalação do IE8.

------------------------------

<@> Baixe: < l2mfix >

<@> Salve-o no Desktop!

<@> Abra o programa e clique em Accept --> Clique em Install.

<@> Aparecerá,no Desktop,uma pasta! ( l2mfix )

<@> Execute o arquivo. ( l2mfix.bat )

<@> Aperte Enter!

<@> Digite o 1 ( Run Find Log ) --> Aperte Enter! <-- A opção 1,é apenas de diagnóstico!

<@> Surgirá um relatório ( L2MFIX find log ) que voçê deverá copiar e colar,na sua resposta.

 

Abraços!

[carol2906 0]

Olá DigRam

 

Consegui baixar o Norton Removal tools, estava rodando ele aqui desde as 9:20,mas deu 13:00 e ele tava na metade, como tava travando tudo eu finalizei e deixei pra rodar ele mais tarde...

 

Sobre o Spyware Doctor eu o executei, mas não deu pra limpar nada pois diz que tem que registrar ...

 

Segue o relatório do l2mfix:

 

L2MFIX find log 051206

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

********************************************************************************

**

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

********************************************************************************

**

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"="GbPlugin ShlObj"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extrator de miniaturas de arquivo GDI+"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Identificador de informações de resumo de miniaturas (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extrator de miniaturas HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"

@="CorelDRAW Shell Extension Component"

"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Pastas da Web"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{0563DB41-F538-4B37-A92D-4659049B7766}"="WLMD Message Handler"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensão PKO de criptografia"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensão do sinal de criptografia"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"

"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"

"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"

"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"

"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"

"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"

"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"

"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"

"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"

"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"

"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"

"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"

"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"

"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"

"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"

"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

"{06A2568A-CED6-4187-BB20-400B8C02BE5A}"=""

"{00F33137-EE26-412F-8D71-F84E4C2C6625}"=""

"{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}"="Windows Live Photo Gallery Autoplay Drop Target"

"{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}"="Windows Live Photo Gallery Viewer Drop Target"

"{00F374B7-B390-4884-B372-2FC349F2172B}"="Windows Live Photo Gallery Editor Drop Target"

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}"="Windows Live Photo Gallery Viewer Drop Target Shim"

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}"="Windows Live Photo Gallery Editor Drop Target Shim"

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"="Windows Live Photo Gallery Autoplay Drop Target Shim"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"

"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}"="Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="Groove GFS Browser Helper"

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"="Groove GFS Explorer Bar"

"{A449600E-1DC6-4232-B948-9BD794D62056}"="Groove GFS Stub Icon Handler"

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

"{6C467336-8281-4E60-8204-430CED96822D}"="Groove GFS Context Menu Handler"

"{387E725D-DC16-4D76-B310-2C93ED4752A0}"="Groove XML Icon Handler"

"{16F3DD56-1AF5-4347-846D-7C10C4192619}"="Groove Explorer Icon Overlay 3 (GFS Folder)"

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"="Groove Explorer Icon Overlay 2 (GFS Stub)"

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"="Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}"="Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}"="Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}"="Microsoft Office Metadata Handler"

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}"="Microsoft Office Thumbnail Handler"

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="GbPlugin ShlObj"

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

"{11016101-E366-4D22-BC06-4ADA335C892B}"="IE History and Feeds Shell Data Source for Windows Search"

"{25336920-03f9-11cf-8fd0-00aa00686f13}"="HTML Document"

"{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}"="MSHTML Document"

"{8856f961-340a-11d0-a96b-00c04fd705a2}"="Microsoft Web Browser"

 

********************************************************************************

**

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{06A2568A-CED6-4187-BB20-400B8C02BE5A}]

"AppId"="{06A2568A-CED6-4187-BB20-400B8C02BE5A}"

 

[HKEY_CLASSES_ROOT\CLSID\{06A2568A-CED6-4187-BB20-400B8C02BE5A}\LocalServer32]

@="C:\\Arquivos de programas\\Windows Live\\Photo Gallery\\WLXPhotoAcquireWizard.exe"

"ServerExecutable"="C:\\Arquivos de programas\\Windows Live\\Photo Gallery\\WLXPhotoAcquireWizard.exe"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{00F33137-EE26-412F-8D71-F84E4C2C6625}]

@="Windows Live Photo Gallery Viewer Autoplay Shim"

 

[HKEY_CLASSES_ROOT\CLSID\{00F33137-EE26-412F-8D71-F84E4C2C6625}\InprocServer32]

@="C:\\Arquivos de programas\\Windows Live\\Photo Gallery\\PhotoViewerShim.dll"

"ThreadingModel"="Apartment"

 

********************************************************************************

**

Files Found are not all bad files:

[DigRam 144]

Boa Tarde! carol2906

 

**

Files Found are not all bad files:

<!> O log está incompleto,pois abaixo desta linha existem mais informações.

<!> Quanto ao SpywareDoctor,daria para colar o que foi detectado como malware.

-----------------------------

<!> Estabeleça um Ponto de Restauração do sistema,ao executar o procedimento abaixo:

<!> Rode,novamente,o l2mfix e escolha a opção 2 --> Enter.

<!> Aguarde a conclusão!

<!> Haverá reboot do computador e,depois,abrir-se-à o relatório. ( log.txt )

 

Abraços!

[carol2906 0]

Olá DigRam

 

Quando executei o l2mfix e escolhi a opção 2, pediu uma senha que eu não sei qual é... deu um erro e continuou executando, vê se tá tudo certo...

 

Agora sim parece que o primeiro log está completo:

 

L2MFIX find log 051206

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

********************************************************************************

**

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

********************************************************************************

**

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"="GbPlugin ShlObj"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extrator de miniaturas de arquivo GDI+"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Identificador de informações de resumo de miniaturas (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extrator de miniaturas HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"

@="CorelDRAW Shell Extension Component"

"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Pastas da Web"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{0563DB41-F538-4B37-A92D-4659049B7766}"="WLMD Message Handler"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensão PKO de criptografia"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensão do sinal de criptografia"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"

"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"

"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"

"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"

"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"

"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"

"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"

"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"

"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"

"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"

"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"

"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"

"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"

"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"

"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"

"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"

"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

"{06A2568A-CED6-4187-BB20-400B8C02BE5A}"=""

"{00F33137-EE26-412F-8D71-F84E4C2C6625}"=""

"{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}"="Windows Live Photo Gallery Autoplay Drop Target"

"{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}"="Windows Live Photo Gallery Viewer Drop Target"

"{00F374B7-B390-4884-B372-2FC349F2172B}"="Windows Live Photo Gallery Editor Drop Target"

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}"="Windows Live Photo Gallery Viewer Drop Target Shim"

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}"="Windows Live Photo Gallery Editor Drop Target Shim"

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"="Windows Live Photo Gallery Autoplay Drop Target Shim"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"

"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}"="Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="Groove GFS Browser Helper"

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"="Groove GFS Explorer Bar"

"{A449600E-1DC6-4232-B948-9BD794D62056}"="Groove GFS Stub Icon Handler"

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

"{6C467336-8281-4E60-8204-430CED96822D}"="Groove GFS Context Menu Handler"

"{387E725D-DC16-4D76-B310-2C93ED4752A0}"="Groove XML Icon Handler"

"{16F3DD56-1AF5-4347-846D-7C10C4192619}"="Groove Explorer Icon Overlay 3 (GFS Folder)"

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"="Groove Explorer Icon Overlay 2 (GFS Stub)"

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"="Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}"="Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}"="Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}"="Microsoft Office Metadata Handler"

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}"="Microsoft Office Thumbnail Handler"

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="GbPlugin ShlObj"

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

"{11016101-E366-4D22-BC06-4ADA335C892B}"="IE History and Feeds Shell Data Source for Windows Search"

"{25336920-03f9-11cf-8fd0-00aa00686f13}"="HTML Document"

"{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}"="MSHTML Document"

"{8856f961-340a-11d0-a96b-00c04fd705a2}"="Microsoft Web Browser"

 

********************************************************************************

**

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{06A2568A-CED6-4187-BB20-400B8C02BE5A}]

"AppId"="{06A2568A-CED6-4187-BB20-400B8C02BE5A}"

 

[HKEY_CLASSES_ROOT\CLSID\{06A2568A-CED6-4187-BB20-400B8C02BE5A}\LocalServer32]

@="C:\\Arquivos de programas\\Windows Live\\Photo Gallery\\WLXPhotoAcquireWizard.exe"

"ServerExecutable"="C:\\Arquivos de programas\\Windows Live\\Photo Gallery\\WLXPhotoAcquireWizard.exe"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{00F33137-EE26-412F-8D71-F84E4C2C6625}]

@="Windows Live Photo Gallery Viewer Autoplay Shim"

 

[HKEY_CLASSES_ROOT\CLSID\{00F33137-EE26-412F-8D71-F84E4C2C6625}\InprocServer32]

@="C:\\Arquivos de programas\\Windows Live\\Photo Gallery\\PhotoViewerShim.dll"

"ThreadingModel"="Apartment"

 

********************************************************************************

**

Files Found are not all bad files:

O volume na unidade C não tem nome.

O número de série do volume é A0CA-4D67

 

Pasta de C:\WINDOWS\System32

 

01/02/2009 18:59 <DIR> dllcache

09/01/2009 23:25 10.240 Thumbs.db

16/01/2008 09:17 2.828 KGyGaAvL.sys

18/05/2007 09:32 <DIR> Microsoft

2 arquivo(s) 13.068 bytes

2 pasta(s) 11.616.698.368 bytes disponíveis

________________________________________________________________

 

Não tinha nenhuma opção pra salvar relatório do SpywareDoctor, e nem como copiar, então eu dei print:

 

 

 

________________________________________________________________

 

L2mfix 051206

Creating Account.

Comando conclu¡do com ˆxito.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

zip warning: name not matched: dlls\*.*

 

zip error: Nothing to do! (backup.zip)

zip warning: name not matched: backregs\*.reg

 

zip error: Nothing to do! (backup.zip)

[carol2906 0]

Olá DigRam

 

Estava tentando editar mas tá dando pau aqui, por isso tô postando como outra resposta ok?

 

Desta vez que liguei o pc não apareceu a mensagem pra inserir o cd, depois eu vou reiniciar de novo e ver se continua assim, tomara ...

 

Só tem 2 probleminhas, desde ontem, o pc tá travando o tempo todo, até pra abrir bloco de notas, e também desde ontem o messenger não entra, dá um erro: 8000401a, pesquisei no google sobre este erro mas não tive sucesso com as tentativas de que ele voltasse... Será que pode ser devido a algum programa que executei ontem? Algum deles bloqueia o msn? Tá osso de mexer aqui, como tá travando o explorer toda hora eu tenho que finalizar o processo e mandar executar de novo..

 

Abraços.

[DigRam 144]

Boa Noite! carol2906

 

<!> As detecções do SpywareDoctor,não foram muito importantes,para sanar o problema.

-----------------------------

<@> Baixe: < ToolsCleaner > (...par A.Rothstein & dj QUIOU )

<@> Salve-o no desktop!

<@> Feche programas que estejam abertos,e execute a ferramenta.

<@> Clique no botão Recherche,para iniciar o scan. <-- Aguarde!

<@> Terminando,teremos relacionados os itens que serão removidos.

<@> Clique no botão Supression para remover os itens encontrados.

<@> Clique,à seguir,em Quitter.

<@> Poste o relatório: ( C:\TCleaner.txt ) <--

-----------------------------

<!> Voçê chegou a baixar o RSIT,conforme instruções passadas? Se não o fez,já está na hora.

<!> Execute-o e poste os seus relatórios: log.txt + info.txt

 

Abraços!

[carol2906 0]

Olá DigRam

 

Era muito bom pra ser verdade, reiniciei e a mensagem voltou a aparecer...

 

Executei o RSit,seguem os logs... porém não obtive sucesso ao executar o ToolsCleaner, trava tudo e mesmo reiniciando não deu...

 

Desinstalei o msn e depois tento reinstalar pra ver se resolve algo.

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Karol at 2009-02-04 20:56:11

Microsoft Windows XP Professional Service Pack 3

System drive C: has 11 GB (31%) free of 35 GB

Total RAM: 479 MB (30% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:56, on 04/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Karol\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Karol.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020909 serial=DR12WEX-1504397-KTY lang=BP

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: STK017 PNP Monitor.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send2/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{1258BF82-97A1-47CC-B38D-07ECB68EC0A5}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (file missing)

 

--

End of file - 10747 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-13 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-11 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-11 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2009-01-30 405504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-11 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-13 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-13 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-11 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CorelDRAW Graphics Suite 11b"=C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe [2003-11-28 729088]

"RaidTool"=C:\Arquivos de programas\VIA\RAID\raid_t []

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-01-13 136600]

"GrooveMonitor"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

"Acrobat Assistant 8.0"=C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]

"ISTray"=C:\Arquivos de programas\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-11 39408]

"AdobeUpdater"=C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus Organizer EasyClip.lnk]

C:\lotus\organize\easyclip.exe /LPT []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus QuickStart.lnk]

C:\lotus\wordpro\ltsstart.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus SmartCenter.lnk]

C:\lotus\smartctr\smartctr.exe /LPT []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Lotus SuiteStart.lnk]

C:\lotus\smartctr\suitest.exe /LPT []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Register Genuine Fractals PrintPro 5.0.lnk]

C:\Arquivos de programas\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Karol^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

C:\ARQUIV~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

Adobe Acrobat Synchronizer.lnk - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

STK017 PNP Monitor.lnk - C:\Arquivos de programas\STK017_V2.01\STK017M.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2009-01-30 405504]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2009-01-30 405504]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Documents and Settings\Karol\Configurações locais\temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Karol\Configurações locais\temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======File associations======

 

.js - open - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

 

======List of files/folders created in the last 1 months======

 

2009-02-04 20:56:16 ----A---- C:\Karol.exe

2009-02-04 20:56:11 ----D---- C:\rsit

2009-02-04 17:28:10 ----A---- C:\WINDOWS\system32\direct.txt

2009-02-04 17:24:06 ----A---- C:\logs.txt

2009-02-04 13:03:36 ----A---- C:\WINDOWS\system32\zip.exe

2009-02-04 13:03:36 ----A---- C:\WINDOWS\system32\strings.exe

2009-02-04 13:03:36 ----A---- C:\WINDOWS\system32\restart.exe

2009-02-04 13:03:36 ----A---- C:\WINDOWS\system32\pv.exe

2009-02-04 13:03:36 ----A---- C:\WINDOWS\system32\Ntrights.exe

2009-02-04 13:03:36 ----A---- C:\WINDOWS\system32\locate.com

2009-02-04 09:13:59 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NortonInstaller

2009-02-03 19:57:30 ----SHD---- C:\RECYCLER

2009-02-03 16:27:26 ----D---- C:\Documents and Settings\Karol\Dados de aplicativos\PC Tools

2009-02-03 16:27:26 ----D---- C:\Arquivos de programas\Spyware Doctor

2009-02-03 08:22:02 ----A---- C:\WINDOWS\zip.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\VFIND.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\SWSC.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\SWREG.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\sed.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\NIRCMD.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\grep.exe

2009-02-03 08:22:02 ----A---- C:\WINDOWS\fdsv.exe

2009-02-02 19:36:16 ----D---- C:\backups

2009-02-01 22:14:31 ----A---- C:\WINDOWS\UP02.EXE

2009-02-01 19:22:10 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-02-01 18:54:41 ----HDC---- C:\WINDOWS\ie8

2009-02-01 18:03:31 ----D---- C:\WINDOWS\Prefetch

2009-02-01 17:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2009-02-01 17:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-02-01 17:31:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2009-02-01 17:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2009-02-01 17:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2009-02-01 17:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-02-01 17:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-02-01 17:22:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-02-01 17:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2009-02-01 17:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2009-02-01 17:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2009-02-01 17:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2009-02-01 17:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2009-02-01 17:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2009-02-01 17:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2009-02-01 17:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2009-02-01 17:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2009-02-01 17:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2009-02-01 17:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2009-02-01 16:59:04 ----A---- C:\WINDOWS\setuplog.txt

2009-02-01 16:57:37 ----N---- C:\WINDOWS\system32\msxml6r.dll

2009-02-01 16:57:37 ----N---- C:\WINDOWS\system32\msxml6.dll

2009-02-01 16:57:35 ----N---- C:\WINDOWS\system32\smtpapi.dll

2009-02-01 16:57:35 ----N---- C:\WINDOWS\system32\rwnh.dll

2009-02-01 16:57:35 ----N---- C:\WINDOWS\system32\comsdupd.exe

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\azroles.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\ativvaxx.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\ativtmxx.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\ati3duag.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\ati3d1ag.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\ati2dvag.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\ati2dvaa.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\ati2cqag.dll

2009-02-01 16:57:31 ----N---- C:\WINDOWS\system32\aaclient.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dot3ui.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dot3svc.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dot3msm.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dot3dlg.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dot3cfg.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dot3api.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dimsroam.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dimsntfy.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\dhcpqec.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\credssp.dll

2009-02-01 16:57:30 ----N---- C:\WINDOWS\system32\bitsprx4.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eapsvc.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eapqec.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eappprxy.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eapphost.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eappgnui.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eappcfg.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll

2009-02-01 16:57:29 ----N---- C:\WINDOWS\system32\eapolqec.dll

2009-02-01 16:57:27 ----N---- C:\WINDOWS\system32\kbdbhc.dll

2009-02-01 16:57:27 ----N---- C:\WINDOWS\system32\hsfcisp2.dll

2009-02-01 16:57:26 ----N---- C:\WINDOWS\system32\l2gpstore.dll

2009-02-01 16:57:26 ----N---- C:\WINDOWS\system32\kmsvc.dll

2009-02-01 16:57:26 ----N---- C:\WINDOWS\system32\kbdpash.dll

2009-02-01 16:57:26 ----N---- C:\WINDOWS\system32\kbdnepr.dll

2009-02-01 16:57:26 ----N---- C:\WINDOWS\system32\kbdiultn.dll

2009-02-01 16:57:25 ----N---- C:\WINDOWS\system32\mssha.dll

2009-02-01 16:57:25 ----N---- C:\WINDOWS\system32\mmcperf.exe

2009-02-01 16:57:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll

2009-02-01 16:57:25 ----N---- C:\WINDOWS\system32\mmcex.dll

2009-02-01 16:57:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll

2009-02-01 16:57:25 ----N---- C:\WINDOWS\system32\mdmxsdk.dll

2009-02-01 16:57:24 ----N---- C:\WINDOWS\system32\onex.dll

2009-02-01 16:57:24 ----N---- C:\WINDOWS\system32\nv4_disp.dll

2009-02-01 16:57:24 ----N---- C:\WINDOWS\system32\napstat.exe

2009-02-01 16:57:24 ----N---- C:\WINDOWS\system32\napmontr.dll

2009-02-01 16:57:24 ----N---- C:\WINDOWS\system32\napipsec.dll

2009-02-01 16:57:24 ----N---- C:\WINDOWS\system32\mtxparhd.dll

2009-02-01 16:57:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll

2009-02-01 16:57:23 ----N---- C:\WINDOWS\system32\s3gnb.dll

2009-02-01 16:57:23 ----N---- C:\WINDOWS\system32\rhttpaa.dll

2009-02-01 16:57:23 ----N---- C:\WINDOWS\system32\rasqec.dll

2009-02-01 16:57:23 ----N---- C:\WINDOWS\system32\qutil.dll

2009-02-01 16:57:23 ----N---- C:\WINDOWS\system32\qcliprov.dll

2009-02-01 16:57:23 ----N---- C:\WINDOWS\system32\qagentrt.dll

2009-02-01 16:57:23 ----N---- C:\WINDOWS\system32\qagent.dll

2009-02-01 16:57:22 ----N---- C:\WINDOWS\system32\slserv.exe

2009-02-01 16:57:22 ----N---- C:\WINDOWS\system32\slrundll.exe

2009-02-01 16:57:22 ----N---- C:\WINDOWS\system32\slgen.dll

2009-02-01 16:57:22 ----N---- C:\WINDOWS\system32\slextspk.dll

2009-02-01 16:57:22 ----N---- C:\WINDOWS\system32\slcoinst.dll

2009-02-01 16:57:22 ----N---- C:\WINDOWS\system32\setupn.exe

2009-02-01 16:57:21 ----N---- C:\WINDOWS\system32\tspkg.dll

2009-02-01 16:57:21 ----N---- C:\WINDOWS\system32\tsgqec.dll

2009-02-01 16:57:20 ----N---- C:\WINDOWS\system32\wlanapi.dll

2009-02-01 16:57:19 ----N---- C:\WINDOWS\slrundll.exe

2009-02-01 16:57:17 ----D---- C:\WINDOWS\l2schemas

2009-02-01 16:57:16 ----D---- C:\WINDOWS\system32\bits

2009-02-01 16:53:48 ----D---- C:\WINDOWS\ServicePackFiles

2009-02-01 16:50:35 ----D---- C:\WINDOWS\network diagnostic

2009-02-01 16:48:19 ----A---- C:\WINDOWS\003076_.tmp

2009-02-01 16:42:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2009-01-31 09:38:24 ----D---- C:\WINDOWS\All Users

2009-01-31 09:38:19 ----A---- C:\WINDOWS\OEWABLog.txt

2009-01-30 21:54:25 ----A---- C:\WINDOWS\system32\wgaX2.dll

2009-01-30 21:54:24 ----A---- C:\WINDOWS\system32\snengine.exe

2009-01-30 21:54:24 ----A---- C:\WINDOWS\system32\snagos.exe

2009-01-30 13:38:32 ----D---- C:\WINDOWS\system32\NtmsData

2009-01-30 12:12:19 ----A---- C:\WINDOWS\system32\atl71.dll

2009-01-30 12:00:38 ----A---- C:\WINDOWS\system32\mfc71.dll

2009-01-26 20:59:38 ----D---- C:\Documents and Settings\Karol\Dados de aplicativos\Unity

2009-01-26 20:07:33 ----D---- C:\Arquivos de programas\Unity

2009-01-15 02:22:06 ----N---- C:\WINDOWS\system32\msrating.dll.mui

2009-01-15 02:21:46 ----N---- C:\WINDOWS\system32\mshta.exe.mui

2009-01-15 02:19:32 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui

2009-01-15 02:19:06 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui

2009-01-14 02:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

2009-01-13 18:31:05 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-13 18:31:05 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-13 18:31:05 ----A---- C:\WINDOWS\system32\java.exe

2009-01-13 18:31:05 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-01-10 08:52:42 ----D---- C:\Documents and Settings\Karol\Dados de aplicativos\Malwarebytes

2009-01-10 08:52:36 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-09 22:46:58 ----A---- C:\Boot.bak

2009-01-09 22:46:50 ----D---- C:\cmdcons

2009-01-09 19:26:01 ----A---- C:\HijackThis.exe

2009-01-09 19:26:00 ----D---- C:\HiJackThis

2009-01-09 07:23:24 ----A---- C:\WINDOWS\system32\muweb.dll

2009-01-09 07:23:23 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-01-09 07:23:23 ----A---- C:\WINDOWS\system32\mucltui.dll

2009-01-08 19:23:33 ----D---- C:\Arquivos de programas\Microsoft Office Outlook Connector

2009-01-08 19:21:01 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-01-08 19:20:09 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2009-01-08 19:18:47 ----D---- C:\Arquivos de programas\Microsoft

2009-01-08 19:18:17 ----D---- C:\Arquivos de programas\Windows Live SkyDrive

 

======List of files/folders modified in the last 1 months======

 

2009-02-04 20:08:47 ----SHD---- C:\WINDOWS\Installer

2009-02-04 20:08:47 ----HD---- C:\Config.Msi

2009-02-04 20:08:39 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-02-04 20:08:17 ----D---- C:\WINDOWS\SxsCaPendDel

2009-02-04 20:08:07 ----RD---- C:\Arquivos de programas

2009-02-04 20:07:48 ----RSD---- C:\WINDOWS\assembly

2009-02-04 20:06:54 ----D---- C:\Arquivos de programas\Windows Live

2009-02-04 20:05:45 ----D---- C:\WINDOWS\WinSxS

2009-02-04 20:05:23 ----D---- C:\WINDOWS\system32

2009-02-04 20:04:02 ----D---- C:\WINDOWS

2009-02-04 20:01:25 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-02-04 20:01:25 ----AD---- C:\WINDOWS\system32\drivers

2009-02-04 19:57:37 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-02-04 19:55:15 ----D---- C:\Documents and Settings

2009-02-04 19:48:26 ----D---- C:\WINDOWS\temp

2009-02-04 19:42:11 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-04 13:38:19 ----D---- C:\WINDOWS\Microsoft.NET

2009-02-04 13:31:59 ----HD---- C:\WINDOWS\inf

2009-02-04 13:31:06 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-04 09:13:59 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2009-02-03 08:30:31 ----A---- C:\WINDOWS\system.ini

2009-02-03 08:28:17 ----D---- C:\WINDOWS\system32\config

2009-02-03 08:27:09 ----D---- C:\WINDOWS\erdnt

2009-02-03 08:25:06 ----D---- C:\WINDOWS\AppPatch

2009-02-03 08:25:06 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-02-02 15:35:55 ----D---- C:\WINDOWS\pss

2009-02-02 15:35:54 ----RASH---- C:\boot.ini

2009-02-02 15:35:54 ----A---- C:\WINDOWS\win.ini

2009-02-01 19:01:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-01 18:59:23 ----D---- C:\WINDOWS\system32\pt-br

2009-02-01 18:59:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-02-01 18:59:22 ----D---- C:\WINDOWS\Media

2009-02-01 18:59:22 ----D---- C:\WINDOWS\Help

2009-02-01 18:59:22 ----D---- C:\Arquivos de programas\Internet Explorer

2009-02-01 18:04:10 ----D---- C:\WINDOWS\Debug

2009-02-01 18:03:05 ----D---- C:\WINDOWS\system32\wbem

2009-02-01 18:03:05 ----D---- C:\WINDOWS\system32\Setup

2009-02-01 18:03:04 ----RSD---- C:\WINDOWS\Fonts

2009-02-01 18:02:32 ----D---- C:\WINDOWS\security

2009-02-01 17:59:17 ----A---- C:\WINDOWS\imsins.BAK

2009-02-01 17:34:30 ----D---- C:\WINDOWS\system32\CatRoot

2009-02-01 17:04:29 ----D---- C:\Arquivos de programas\Messenger

2009-02-01 16:57:36 ----D---- C:\WINDOWS\ehome

2009-02-01 16:57:35 ----D---- C:\WINDOWS\system32\inetsrv

2009-02-01 16:57:34 ----D---- C:\WINDOWS\ime

2009-02-01 16:57:18 ----D---- C:\WINDOWS\system32\usmt

2009-02-01 16:57:16 ----D---- C:\WINDOWS\PeerNet

2009-02-01 16:57:15 ----D---- C:\Arquivos de programas\Movie Maker

2009-02-01 16:52:56 ----D---- C:\WINDOWS\system32\Restore

2009-02-01 16:52:56 ----D---- C:\WINDOWS\system32\npp

2009-02-01 16:52:51 ----D---- C:\WINDOWS\msagent

2009-02-01 16:52:50 ----D---- C:\WINDOWS\srchasst

2009-02-01 16:52:49 ----D---- C:\Arquivos de programas\NetMeeting

2009-02-01 16:52:47 ----D---- C:\WINDOWS\system32\Com

2009-02-01 16:52:45 ----D---- C:\Arquivos de programas\Windows NT

2009-02-01 16:52:45 ----D---- C:\Arquivos de programas\Windows Media Player

2009-02-01 16:52:45 ----D---- C:\Arquivos de programas\Outlook Express

2009-02-01 16:52:42 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2009-02-01 16:52:17 ----D---- C:\WINDOWS\system32\oobe

2009-02-01 16:52:16 ----D---- C:\WINDOWS\system

2009-02-01 16:48:11 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-02-01 10:19:02 ----D---- C:\Documents and Settings\Karol\Dados de aplicativos\LimeWire

2009-01-30 21:54:24 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-01-30 21:54:24 ----D---- C:\Arquivos de programas\GbPlugin

2009-01-29 08:38:58 ----D---- C:\WINDOWS\Registration

2009-01-15 02:22:26 ----A---- C:\WINDOWS\system32\ieframe.dll.mui

2009-01-15 02:19:30 ----A---- C:\WINDOWS\system32\advpack.dll.mui

2009-01-15 02:17:22 ----A---- C:\WINDOWS\system32\iedkcs32.dll

2009-01-15 02:13:18 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-01-15 02:12:12 ----A---- C:\WINDOWS\system32\ieframe.dll

2009-01-15 02:06:48 ----A---- C:\WINDOWS\system32\urlmon.dll

2009-01-15 02:06:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe

2009-01-15 02:06:08 ----A---- C:\WINDOWS\system32\webcheck.dll

2009-01-15 02:06:00 ----A---- C:\WINDOWS\system32\url.dll

2009-01-15 02:05:42 ----A---- C:\WINDOWS\system32\wininet.dll

2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\occache.dll

2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\msrating.dll

2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\licmgr10.dll

2009-01-15 02:04:28 ----A---- C:\WINDOWS\system32\corpol.dll

2009-01-15 02:04:16 ----A---- C:\WINDOWS\system32\jsproxy.dll

2009-01-15 02:03:58 ----A---- C:\WINDOWS\system32\jscript.dll

2009-01-15 02:03:50 ----A---- C:\WINDOWS\system32\ieaksie.dll

2009-01-15 02:03:42 ----A---- C:\WINDOWS\system32\ieakeng.dll

2009-01-15 02:03:36 ----A---- C:\WINDOWS\system32\vbscript.dll

2009-01-15 02:03:32 ----A---- C:\WINDOWS\system32\admparse.dll

2009-01-15 02:03:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2009-01-15 02:03:20 ----A---- C:\WINDOWS\system32\ieakui.dll

2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\ieudinit.exe

2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\iesetup.dll

2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\inseng.dll

2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\iernonce.dll

2009-01-15 02:03:12 ----A---- C:\WINDOWS\system32\advpack.dll

2009-01-15 02:02:50 ----A---- C:\WINDOWS\system32\iertutil.dll

2009-01-15 02:02:40 ----A---- C:\WINDOWS\system32\msfeeds.dll

2009-01-15 02:02:20 ----A---- C:\WINDOWS\system32\mstime.dll

2009-01-15 02:01:52 ----A---- C:\WINDOWS\system32\iepeers.dll

2009-01-15 02:01:42 ----A---- C:\WINDOWS\system32\msfeedssync.exe

2009-01-15 02:01:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2009-01-15 02:01:40 ----A---- C:\WINDOWS\system32\icardie.dll

2009-01-15 02:01:26 ----A---- C:\WINDOWS\system32\imgutil.dll

2009-01-15 02:01:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll

2009-01-15 02:01:18 ----A---- C:\WINDOWS\system32\pngfilt.dll

2009-01-15 02:01:16 ----A---- C:\WINDOWS\system32\dxtrans.dll

2009-01-15 02:01:06 ----A---- C:\WINDOWS\system32\mshtmled.dll

2009-01-15 02:00:46 ----A---- C:\WINDOWS\system32\mshtmler.dll

2009-01-15 02:00:38 ----A---- C:\WINDOWS\system32\mshta.exe

2009-01-15 01:50:50 ----A---- C:\WINDOWS\system32\ieui.dll

2009-01-15 01:50:38 ----A---- C:\WINDOWS\system32\msls31.dll

2009-01-15 01:35:10 ----A---- C:\WINDOWS\system32\ieapfltr.dll

2009-01-13 18:30:46 ----D---- C:\Arquivos de programas\Java

2009-01-13 08:35:56 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-12 12:14:58 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2009-01-11 21:37:07 ----D---- C:\Arquivos de programas\Google

2009-01-11 21:32:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2009-01-10 22:12:44 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-09 23:06:18 ----SD---- C:\WINDOWS\Tasks

2009-01-09 22:54:25 ----A---- C:\autoexec.bat

2009-01-09 22:52:04 ----D---- C:\WINDOWS\Minidump

2009-01-09 22:51:51 ----D---- C:\WINDOWS\system32\04502

2009-01-09 21:45:06 ----D---- C:\WINDOWS\repair

2009-01-09 15:41:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2009-01-09 15:34:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-01-08 20:05:16 ----SD---- C:\Documents and Settings\Karol\Dados de aplicativos\Microsoft

2009-01-08 19:21:12 ----D---- C:\WINDOWS\system32\DirectX

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-04-28 2944]

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]

R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]

R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]

R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-08-09 160640]

R4 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []

S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 BridgeMP;Miniporta de ponte MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 DCamUSBSTK017;STK017 Camera; C:\WINDOWS\system32\DRIVERS\STK017W2.sys [2003-11-17 99476]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-09-05 5888]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys [2006-07-16 30368]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 CCALib8;Canon Camera Access Library 8; C:\Arquivos de programas\Canon\CAL\CALMAIN.exe [2007-01-31 96370]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-13 152984]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]

R2 sdAuxService;PC Tools Auxiliary Service; C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]

R2 sdCoreService;PC Tools Security Service; C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-26 654848]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-11 137200]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe []

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

 

-----------------EOF-----------------

________________________________________________________________________________

____________

 

info.txt logfile of random's system information tool 1.05 2009-02-04 20:57:03

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

ACDSee 10 Photo Manager-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}

Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Fireworks CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe

Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}

Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}

Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}

Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}

Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Photoshop Lightroom-->MsiExec.exe /I{359D2A79-64C6-4824-83CE-B053297DED6A}

Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}

Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}

Adobe Premiere Pro CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe

Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}

Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}

Adobe Setup-->MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0}

Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}

Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

Alien Skin Blow Up-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG

Alien Skin Exposure-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\INSTALL.LOG

Alien Skin Eye Candy 5 Impact-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG

Alien Skin Eye Candy 5 Nature-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG

Alien Skin Eye Candy 5 Textures-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\INSTALL.LOG

Alien Skin Image Doctor 1.0-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\IMAGED~1\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\IMAGED~1\INSTALL.LOG

Alien Skin Snap Art-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\Unwise32.exe C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\INSTALL.LOG

Alien Skin Xenofex 2.0-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\XENOFE~1\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\XENOFE~1\INSTALL.LOG

Ares 2.1.1-->"C:\Arquivos de programas\Ares\uninstall.exe"

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A857F8-35FA-42B2-A7BE-FBD5BAFDD84A}

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

BB FlashBack-->"C:\Documents and Settings\All Users\Dados de aplicativos\{726649E6-8F90-456E-B22B-3DFDD02D58C8}\BB FlashBack.exe" REMOVE=TRUE MODIFY=FALSE

BB FlashBack-->C:\Documents and Settings\All Users\Dados de aplicativos\{726649E6-8F90-456E-B22B-3DFDD02D58C8}\BB FlashBack.exe

Canon Camera Access Library-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CAL\Uninst.ini"

Canon Camera Support Core Library-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CSCLIB\Uninst.ini"

Canon Digital Camera Solution Disk 34 Guía de iniciación al software-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\SoftwareStarterGuide-DCSD34\Uninst.ini"

Canon G.726 WMP-Decoder-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\G726Decoder\G726DecUnInstall.ini"

Canon Guía del usuario de impresión directa-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\DirectPrintUserGuide\Uninst.ini"

Canon MovieEdit Task for ZoomBrowser EX-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon PowerShot A470 Guía del usuario de la cámara-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraUserGuide-PSA470\Uninst.ini"

Canon RAW Image Task for ZoomBrowser EX-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\RAW Image Task\Uninst.ini"

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Utilities CameraWindow DC-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraWindow\CameraWindowDC\Uninst.ini"

Canon Utilities CameraWindow-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"

Canon Utilities EOS Utility-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\EOS Utility\Uninst.ini"

Canon Utilities MyCamera DC-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraWindow\MyCameraDC\Uninst.ini"

Canon Utilities MyCamera-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraWindow\MyCamera\Uninst.ini"

Canon Utilities PhotoStitch-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\PhotoStitch\Uninst.ini"

Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\ZoomBrowser EX\Program\Uninst.ini"

Canon ZoomBrowser EX Memory Card Utility-->"C:\Arquivos de programas\Arquivos comuns\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Arquivos de programas\Canon\ZoomBrowser EX MCU\Uninst.ini"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe

CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}

Digital Recorder-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Arquivos de programas\UnInst.log" "/APPNAME=Digital Recorder"

DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"

Eye Candy 3-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\INSTALL.LOG

Eye Candy 4000 Demo-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\EYECAN~1\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\EYECAN~1\INSTALL.LOG

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Flickr Uploadr 3.0.5-->"C:\Arquivos de programas\Flickr Uploadr\uninstall.exe"

Google Toolbar for Internet Explorer-->"C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Customer Participation Program 7.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 7.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HTML Executable IERuntime-->C:\Arquivos de programas\Arquivos comuns\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe

IRPF2008 - Declaração de Ajuste Anual-->C:\ARQUIV~1\PROGRA~2\IRPF2008\UNWISE.EXE C:\ARQUIV~1\PROGRA~2\IRPF2008\INSTALL.LOG

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Codec Pack 3.2.5 Full-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

LG GSM PC Components-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{C4A7094A-F4B6-4E20-B5B4-7D2B7F3EC0FE}\Setup.exe"

LG Mobile Agent-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E3D82B5F-B67F-40F8-B4D1-B0415AB2DD86}\setup.exe"

LightDialer 3.0-->"C:\Arquivos de programas\Oi Velox\Conexão\unins000.exe"

LightModem 3.0-->"C:\Arquivos de programas\Oi Velox\Modem\unins000.exe"

LimeWire 4.18.8-->"C:\Arquivos de programas\LimeWire\uninstall.exe"

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170416-6000-11D3-8CFE-0150048383C9}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

MP3 Player Utilities 4.00-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Need For Speed II SE-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Electronic Arts\Need For Speed II SE\DeIsL1.isu"

Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}

Nero PhotoShow Deluxe 4-->"C:\Arquivos de programas\Nero\Nero PhotoShow 4\data\Xtras\Uninstall.exe"

Noiseware Professional Edition-->MsiExec.exe /I{D6F1DA03-C914-4856-87EB-CF2C54A26A9D}

Noiseware Professional Plug-in-->MsiExec.exe /I{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}

OCR Software by I.R.I.S 7.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

On-line Help Console-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6283826F-59A2-11D9-BB04-000AE6BE6EE7}\setup.exe" -l0x9

Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)-->C:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf

Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)-->C:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf

Paquete de idioma de Microsoft .NET Framework 2.0 - ESN-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.exe

PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Plugin Commander Light 1.60-->"C:\Arquivos de programas\Plugin Commander Light\unins000.exe"

Portraiture Plug-in-->MsiExec.exe /I{8F378798-88D8-4FA1-AB74-F035542133A6}

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

Realtek AC'97 Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x416 -removeonly

RTLSetup-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SETUP.EXE" -l0x9 REMOVE

S3 S3Config3D-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Config3D'

S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'

S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'

S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'

S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'

S3 S3RefreshLock-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3RefreshLock'

S3 S3TrayPlus-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Spyware Doctor 6.0-->C:\Arquivos de programas\Spyware Doctor\unins000.exe /LOG

STK017_V2.01-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EAB938C1-1193-465A-8E19-680654405477}\Setup.exe" -l0x9

StuffPlug 3-->C:\Arquivos de programas\StuffPlug3\Uninstall.exe

TUGZip 3.4-->"C:\Arquivos de programas\TUGZip\unins000.exe"

Ulead PhotoImpact 12-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\Setup.exe" -l0x9

UniChrome Pro IGP Display Driver and Utilities-->C:\ARQUIV~1\S3Inc\S3\s3setvga.exe -s -fC:\ARQUIV~1\S3Inc\S3\S3.uns

Uninstall DreamSuite Bonus-->C:\WINDOWS\unvise32.exe C:\ARQUIVOS DE PROGRAMAS\ADOBE\ADOBE PHOTOSHOP CS3\PLUG-INS\DreamSuite Bonus\DreamSuite Bonus Uninstall.log

Uninstall DreamSuite-->C:\WINDOWS\unvise32.exe C:\ARQUIVOS DE PROGRAMAS\ADOBE\ADOBE PHOTOSHOP CS3\PLUG-INS\DreamSuite\DreamSuite Uninstall.log

Uninstall Mystical-->C:\WINDOWS\unvise32.exe C:\ARQUIVOS DE PROGRAMAS\ADOBE\ADOBE PHOTOSHOP CS3\PLUG-INS\Mystical\Mystical Uninstall.log

Unity Web Player-->C:\Arquivos de programas\Unity\WebPlayer\Uninstall.exe

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}

USB TO UART Driver 2.00.3-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}\setup.exe" -l0x816 -removeonly

VDownloader 0.74-->"C:\Arquivos de programas\VDOWNLOADER\unins000.exe"

VIA Platform Device Manager-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

WavePad Uninstall-->C:\Arquivos de programas\NCH Swift Sound\WavePad\uninst.exe

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Sync-->MsiExec.exe /X{48FD9BAB-E7C0-494B-8AE9-BF9507D331B7}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Xenofex 1.0 Demo-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\UNWISE32.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\INSTALL.LOG

Xenofex 1.0-->C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\XENOFE~2\UNWISE.EXE C:\ARQUIV~1\Adobe\ADOBEP~1\Plug-Ins\XENOFE~2\INSTALL.LOG

 

=====HijackThis Backups=====

 

O4 - Global Startup: Windows UpdateSP1.exe

O4 - Global Startup: Windows UpdateSP2.exe

O4 - Global Startup: UP02.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll (file missing)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

System event log

 

Computer Name: CAROU-9F99FBC1A

Event Code: 10000

Message: Não foi possível iniciar o servidor DCOM: {C1B389E5-7DF7-417B-837C-876F1355121B}.

O erro:

"%3"

Aconteceu ao iniciar este comando:

C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE -Embedding

 

Record Number: 71353

Source Name: DCOM

Time Written: 20090125124153.000000-120

Event Type: Erro

User: CAROU-9F99FBC1A\Karol

 

Computer Name: CAROU-9F99FBC1A

Event Code: 7036

Message: O serviço Google Updater Service entrou no estado executando.

 

Record Number: 71352

Source Name: Service Control Manager

Time Written: 20090125124136.000000-120

Event Type: Informações

User:

 

Computer Name: CAROU-9F99FBC1A

Event Code: 7035

Message: O serviço Google Updater Service recebeu com êxito um controle Iniciar.

 

Record Number: 71351

Source Name: Service Control Manager

Time Written: 20090125124136.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: CAROU-9F99FBC1A

Event Code: 10000

Message: Não foi possível iniciar o servidor DCOM: {C1B389E5-7DF7-417B-837C-876F1355121B}.

O erro:

"%3"

Aconteceu ao iniciar este comando:

C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE -Embedding

 

Record Number: 71350

Source Name: DCOM

Time Written: 20090125123904.000000-120

Event Type: Erro

User: CAROU-9F99FBC1A\Karol

 

Computer Name: CAROU-9F99FBC1A

Event Code: 20158

Message: O usuário kaka2906@oi.com.br estabeleceu com êxito uma conexão a Conexão Oi Velox usando o dispositivo ISDN15-0.

 

Record Number: 71349

Source Name: RemoteAccess

Time Written: 20090125121759.000000-120

Event Type: Informações

User:

 

Application event log

 

Computer Name: CAROU-9F99FBC1A

Event Code: 302

Message: msnmsgr (3364) \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\dfsr.db: O mecanismo de banco de dados concluiu com êxito as etapas de recuperação.

 

Record Number: 3473

Source Name: ESENT

Time Written: 20081025074455.000000-120

Event Type: Informações

User:

 

Computer Name: CAROU-9F99FBC1A

Event Code: 301

Message: msnmsgr (3364) \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\fsr.log.

 

Record Number: 3472

Source Name: ESENT

Time Written: 20081025074454.000000-120

Event Type: Informações

User:

 

Computer Name: CAROU-9F99FBC1A

Event Code: 301

Message: msnmsgr (3364) \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\fsr00139.log.

 

Record Number: 3471

Source Name: ESENT

Time Written: 20081025074454.000000-120

Event Type: Informações

User:

 

Computer Name: CAROU-9F99FBC1A

Event Code: 301

Message: msnmsgr (3364) \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\fsr00138.log.

 

Record Number: 3470

Source Name: ESENT

Time Written: 20081025074454.000000-120

Event Type: Informações

User:

 

Computer Name: CAROU-9F99FBC1A

Event Code: 300

Message: msnmsgr (3364) \\.\C:\Documents and Settings\Karol\Configurações locais\Dados de aplicativos\Microsoft\Messenger\carolina_silva_3@hotmail.com\SharingMetadata\Working\database_5AA0_CA6B_A0CA_4D67\dfsr.db: O mecanismo de banco de dados está iniciando as etapas de recuperação.

 

Record Number: 3469

Source Name: ESENT

Time Written: 20081025074454.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\ARQUIV~1\Java\JRE16~2.0_0\bin;C:\Arquivos de programas\Internet Explorer;;C:\Arquivos de programas\PC Connectivity Solution;.;C:\WINDOWS\system32\04502

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2c02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

[DigRam 144]

Bom Dia! carol2906

 

<!> Em pesquisas,realizadas,descobri que os 2 processos ( iexplore.exe ) são legítimos nesse IE8.

 

"...o IE8 vem com um recurso para a recuperação de falhas. Quando uma guia trava, é automaticamente recarregada e restaurada. A verdadeira beleza desta característica é que, ao contrário de outros navegadores, o IE8 não precisa reiniciar em caso de acidente. Você pode estar assistindo a um vídeo em uma guia e se outra guia travar, você não perde nada. Todas as informações inscritas na página, como um e-mail que você estava escrevendo no Windows Live Hotmail ou um formulário que você estava preenchendo, é automaticamente restabelecido.

----------------------------------

<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK.

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.

<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!

----------------------------------

<!> DESINSTALE: C:\Arquivos de programas\Spyware Doctor <--

----------------------------------

<@> Faça o download do a-squared Free 4.0.

 

<!> Link Opcional: < >

 

<@> Abra o programa e clique em: Atualizar agora --> Aguarde!

<@> Terminando,clique em: "Scan PC"

<@> Escolha a opção: "A fundo" --> Clique,à seguir,em "Analisar".

<@> Terminando,marque as caixinhas dos ítens encontrados e clique em "Enviar marcados à Quarentena".

<@> Salve o relatório desta verificação,e poste-o na sua resposta.

 

Abraços!

[carol2906 0]

Olá DigRam...

 

Nossa, tem hora que tenho vontade de quebrar esse pc, ultimamente dá problema sempre, quando só eu e minha filha mexiamos quase não dava nada, agora com um monte de gente fuçando dá zica sempre e como eu não sei o que eles fazem fica dificil...

 

Vou ter que rodar o A-Squared de novo pra te dar o relatório, eu rodei e ele achou 162 infecções, a maioria segundo o que estava escrito de baixo risco, porém eu mandei as coisas pra quarentena antes de salvar o relatório e logo em seguida o pc reiniciou e eu fiquei sem relatório... ai cabeça..

 

Reinstalei meu msn e mesmo assim ele não entra, e desinstalei o spyware doctor.