[Resolvido!] Virus

[BabiFerrer 0]

Boa tarde, seria possivel a analise do log do meu Pc., Desde já fico-lhe muito grata!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:12:42, on 29/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\DOCUME~1\ADMINI~1.OEM\CONFIG~1\Temp\Diretório temporário 2 para

 

HiJackThis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

 

&http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

 

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up -

 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF -

 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos

 

comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

 

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de

 

programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

 

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

 

C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

 

C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

 

C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} -

 

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} -

 

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO -

 

{C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} -

 

C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch -

 

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google

 

Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

 

C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

 

C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} -

 

C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos

 

de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

 

C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de

 

programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de

 

programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de

 

programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de

 

programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

 

/auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de

 

programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver -

 

res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel -

 

res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

 

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

 

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

 

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

 

Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de

 

programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de

 

programas\Messenger\msmsgs.exe

O14 - IERESET.INF:

 

SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) -

 

http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -

 

http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) -

 

http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -

 

http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) -

 

https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}:

 

NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de

 

programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE

 

PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos

 

de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil

 

Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil

 

Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil

 

Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. -

 

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

 

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. -

 

C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. -

 

C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. -

 

C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de

 

programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero

 

7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

 

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero

 

BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos

 

comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

 

C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 10047 bytes

[MGuitar 11]

BabiFerrer, sejam bem vinda ao fórum!

 

O que ocorre com o PC?

 

- Faça o download do Malwarebytes Anti-Malware e salve-o no desktop;

 

● Dê dois cliques no programa para iniciar a instalação. Selecione o idioma Português (Brasil);

● Ao final da instalação, marque as opções "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em Concluir;

● Após a instalação execute o programa;

● Marque a opção Verificação Completa e depois clique em Verificar. Selecione sua unidade C: e clique no botão Iniciar Verificação;

● Quando o scan terminar, clique em OK e o log será automaticamente aberto para você;

● Se algo for detectado, verifique se todos os itens estão marcados e clique no botão Remover.

OBS: Caso apareça uma mensagem pedindo para que você reinicie o computador para completar o processo de remoção, reinicie-o imediatamente;

● O log pode ser consultado clicando em Logs do menu principal também;

 

Copie e cole o conteúdo desse log na sua próxima resposta, juntamente com um novo log do HijackThis.

[BabiFerrer 0]

BabiFerrer, sejam bem vinda ao fórum!

 

O que ocorre com o PC?

 

- Faça o download do Malwarebytes Anti-Malware e salve-o no desktop;

 

● Dê dois cliques no programa para iniciar a instalação. Selecione o idioma Português (Brasil);

● Ao final da instalação, marque as opções "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em Concluir;

● Após a instalação execute o programa;

● Marque a opção Verificação Completa e depois clique em Verificar. Selecione sua unidade C: e clique no botão Iniciar Verificação;

● Quando o scan terminar, clique em OK e o log será automaticamente aberto para você;

● Se algo for detectado, verifique se todos os itens estão marcados e clique no botão Remover.

OBS: Caso apareça uma mensagem pedindo para que você reinicie o computador para completar o processo de remoção, reinicie-o imediatamente;

● O log pode ser consultado clicando em Logs do menu principal também;

 

Copie e cole o conteúdo desse log na sua próxima resposta, juntamente com um novo log do HijackThis.

 

Malwarebytes' Anti-Malware 1.33

Versão do banco de dados: 1714

Windows 5.1.2600 Service Pack 3

 

2/2/2009 11:28:56

mbam-log-2009-02-02 (11-28-56).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 59709

Tempo decorrido: 6 minute(s), 21 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\Downloaded Program Files\GbPluginABN.inf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.

 

2 log -

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:40:16, on 2/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\DOCUME~1\ADMINI~1.OEM\CONFIG~1\Temp\Diretório temporário 5 para HiJackThis.zip\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 10016 bytes

[MGuitar 11]

- Faça o download do ComboFix e salve-o na área de trabalho;

 

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;

● Duplo clique no ícone combofix.exe para iniciar o scan;

● Leia o contrato que aparecerá e clique em Sim para continuar;

● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;

● Aguarde enquanto o ComboFix faz o scan;

● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;

● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;

● Se quiser sair ou parar o ComboFix, tecle N;

● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;

● Será gerado um log em C:\ComboFix.txt.

 

Cole este log em sua próxima resposta.

[BabiFerrer 0]

- Faça o download do ComboFix e salve-o na área de trabalho;

 

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;

● Duplo clique no ícone combofix.exe para iniciar o scan;

● Leia o contrato que aparecerá e clique em Sim para continuar;

● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;

● Aguarde enquanto o ComboFix faz o scan;

● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;

● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;

● Se quiser sair ou parar o ComboFix, tecle N;

● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;

● Será gerado um log em C:\ComboFix.txt.

 

Cole este log em sua próxima resposta.

 

Ola, muito obrigada pela sua atenção !!!!

 

Então, estou seguindo direitinho o que você esta me ensinando, porem no caso do Combofix ele termina de instalar tudo direitinho, reinicia e não acontece mais nada.

 

esse foi o Log que deu -

 

ComboFix 09-02-02.02 - Administrador 2009-02-02 17:10:50.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.958.548 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador.OEM\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090202-0] *On-access scanning disabled* (Updated)

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Criado um novo ponto de restauro

.

[MGuitar 11]

O ComboFix não rodou corretamente. Por favor, siga este procedimento abaixo:

 

- Faça o download do RSIT e salve no seu desktop;

 

● Dê dois cliques em RSIT.exe para executar o programa;

● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;

● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;

● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

[BabiFerrer 0]

O ComboFix não rodou corretamente. Por favor, siga este procedimento abaixo:

 

- Faça o download do RSIT e salve no seu desktop;

 

● Dê dois cliques em RSIT.exe para executar o programa;

● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;

● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;

● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

 

Info.txt

 

info.txt logfile of random's system information tool 1.05 2009-02-03 16:01:32

 

======Uninstall list======

 

-->C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.3 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Dic Michaelis - UOL-->C:\Dic\instala.exe -d

Google Toolbar for Internet Explorer-->"C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

HijackThis 2.0.2-->"C:\DOCUME~1\ADMINI~1.OEM\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe" /uninstall

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

HP Image Zone 4.2-->C:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP OrderReminder-->"C:\Arquivos de programas\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018

HP PSC & OfficeJet 4.2-->"C:\Arquivos de programas\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

LaserJet 1018-->C:\Arquivos de programas\Zenographics\{29351AD1-1076-4DBC-8E50-649595FDDCBB}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI

On-line Help Console-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6283826F-59A2-11D9-BB04-000AE6BE6EE7}\setup.exe" -l0x9

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_562.exe" _?=C:\Arquivos de programas\PDFCreator Toolbar

PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_562.exe" -hu _?=C:\Arquivos de programas\PDFCreator Toolbar

Picasa 3-->"C:\Arquivos de programas\Google\Picasa3\Uninstall.exe"

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

SafeNet Borderless Security PK Client-->MsiExec.exe /X{74738135-38D6-4ABD-A2BF-A86744971607}

SafeNet iKey Driver v4.0.0.20-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6257E290-5E8E-11D4-9B8D-00D0B72459DD}\Setup.exe" -l0x9 UNINST

SafeNet iKey2032 versão 2.33 para Windows 2000/XP/Vista-->"C:\Arquivos de programas\Safenet\iKey2032\unins000.exe"

ScreenJot-->C:\Arquivos de programas\znSoftware\ScreenJot\screenjot_uninstall.exe

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins001.exe"

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: AVG Anti-Virus Free

AV: avast! antivirus 4.8.1296 [VPS 090203-0]

 

System event log

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado interrompido.

 

Record Number: 11684

Source Name: Service Control Manager

Time Written: 20090202165229.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 11683

Source Name: Service Control Manager

Time Written: 20090202165222.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

 

Record Number: 11682

Source Name: Service Control Manager

Time Written: 20090202165222.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço Serviços de criptografia entrou no estado executando.

 

Record Number: 11681

Source Name: Service Control Manager

Time Written: 20090202165215.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 7035

Message: O serviço Serviços de criptografia recebeu com êxito um controle Iniciar.

 

Record Number: 11680

Source Name: Service Control Manager

Time Written: 20090202165215.000000-120

Event Type: Informações

User: AMABILE\Administrador

 

Application event log

 

Computer Name: AMABILE

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

 

Record Number: 2686

Source Name: SecurityCenter

Time Written: 20081117074855.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 1

Message:

Record Number: 2685

Source Name: avg8emc

Time Written: 20081117074851.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 0

Message: SafeNet Token Server (dkcktkn) Started Succesfully

 

Record Number: 2684

Source Name: SafeNet Token Service

Time Written: 20081117074828.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 5

Message: Starting SafeNet Token Service.

 

Record Number: 2683

Source Name: SafeNet Token Service

Time Written: 20081117074828.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 0

Message: SafeNet Logging Service (dkLog) Started Succesfully

 

Record Number: 2682

Source Name: DKLOG

Time Written: 20081117074824.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=7f01

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

Log.txt

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Administrador at 2009-02-03 16:01:08

Microsoft Windows XP Professional Service Pack 3

System drive C: has 8 GB (40%) free of 19 GB

Total RAM: 958 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01, on 2009-02-03

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrador.OEM\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\DOCUME~1\ADMINI~1.OEM\CONFIG~1\Temp\Diretório temporário 6 para HiJackThis.zip\Administrador.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9816 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\SOFTWARE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-07 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-08 136600]

"DkStartup"=C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe [2007-09-13 49152]

"DkAutoReg"=C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe [2007-09-13 253952]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"AxMonitor"=C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe [2007-09-13 450560]

"nwiz"=nwiz.exe /install []

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-16 68856]

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DkWLNP]

C:\WINDOWS\system32\DkWLNP.dll [2007-09-13 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe"="C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\SecondLife\SLVoice.exe"="C:\Arquivos de programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\UOL\UIM\uim.exe"="C:\Arquivos de programas\UOL\UIM\uim.exe:*:Disabled:UOL"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-02-03 16:01:08 ----DC---- C:\rsit

2009-02-03 14:32:31 ----AC---- C:\WINDOWS\system32\aswBoot.exe

2009-02-03 14:11:31 ----DC---- C:\ComboFix

2009-02-03 14:11:18 ----AC---- C:\WINDOWS\system32\CF9679.exe

2009-02-02 17:54:30 ----AC---- C:\WINDOWS\system32\CF772.exe

2009-02-02 17:46:44 ----AC---- C:\WINDOWS\system32\CF31989.exe

2009-02-02 17:09:05 ----AC---- C:\WINDOWS\system32\CF24644.exe

2009-02-02 17:08:20 ----AC---- C:\WINDOWS\system32\CF24491.exe

2009-02-02 16:51:00 ----AC---- C:\WINDOWS\system32\CF21098.exe

2009-02-02 16:43:55 ----AC---- C:\Boot.bak

2009-02-02 16:43:40 ----RASHDC---- C:\cmdcons

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\zip.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\VFIND.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\SWREG.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\sed.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\NIRCMD.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\grep.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\fdsv.exe

2009-02-02 16:40:17 ----AC---- C:\WINDOWS\SWXCACLS.exe

2009-02-02 16:40:17 ----AC---- C:\WINDOWS\SWSC.exe

2009-02-02 16:40:06 ----DC---- C:\WINDOWS\ERDNT

2009-02-02 16:40:06 ----DC---- C:\Qoobox

2009-02-02 16:40:01 ----AC---- C:\WINDOWS\system32\CF18939.exe

2009-02-02 16:13:40 ----DC---- C:\WINDOWS\system32\Lang

2009-02-02 11:20:19 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Malwarebytes

2009-02-02 11:20:11 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-02-02 11:20:10 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-01-30 07:45:54 ----HDC---- C:\$AVG8.VAULT$

2009-01-29 15:09:30 ----AC---- C:\WINDOWS\system32\MFC71.dll

2009-01-29 15:09:12 ----DC---- C:\Arquivos de programas\Alwil Software

2009-01-29 15:07:17 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\FTWeak

2009-01-29 14:45:07 ----DC---- C:\WINDOWS\McAfee.com

2009-01-29 11:56:05 ----AC---- C:\WINDOWS\system32\avgrsstx1.dll

2009-01-29 11:55:15 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8

2009-01-09 15:55:30 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Mozilla

2009-01-09 15:54:53 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\SecondLife

 

======List of files/folders modified in the last 1 months======

 

2009-02-03 16:01:11 ----DC---- C:\WINDOWS\Prefetch

2009-02-03 15:45:44 ----D---- C:\WINDOWS\Temp

2009-02-03 15:36:19 ----DC---- C:\WINDOWS

2009-02-03 14:49:24 ----AC---- C:\WINDOWS\SchedLgU.Txt

2009-02-03 14:46:03 ----DC---- C:\WINDOWS\system32

2009-02-03 14:46:02 ----AD---- C:\WINDOWS\system32\drivers

2009-02-03 14:45:59 ----RDC---- C:\Arquivos de programas

2009-02-03 14:13:02 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-03 14:09:04 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-02-03 14:05:31 ----DC---- C:\amabile

2009-02-03 14:00:32 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-02-03 11:25:00 ----DC---- C:\Arquivos de programas\GbPlugin

2009-02-02 16:59:10 ----RASHC---- C:\boot.ini

2009-02-02 16:59:10 ----AC---- C:\WINDOWS\win.ini

2009-02-02 16:59:10 ----AC---- C:\WINDOWS\system.ini

2009-02-02 14:27:24 ----AC---- C:\WINDOWS\WDIC.INI

2009-02-02 13:48:17 ----DC---- C:\WINDOWS\Downloaded Program Files

2009-01-30 07:50:21 ----D---- C:\WINDOWS\system32\config

2009-01-29 11:55:07 ----SHDC---- C:\WINDOWS\Installer

2009-01-29 11:54:59 ----HDC---- C:\Config.Msi

2009-01-29 11:11:39 ----AC---- C:\WINDOWS\RtlRack.ini

2009-01-29 11:10:03 ----DC---- C:\Program Files

2009-01-23 17:16:51 ----DC---- C:\WINDOWS\system32\dllcache

2009-01-23 17:14:57 ----D---- C:\WINDOWS\system32\inetsrv

2009-01-23 17:14:42 ----DC---- C:\WINDOWS\security

2009-01-15 12:36:24 ----DC---- C:\WINDOWS\Debug

2009-01-14 15:58:09 ----DC---- C:\WINDOWS\inf

2009-01-14 15:56:58 ----DC---- C:\WINDOWS\$hf_mig$

2009-01-09 23:35:28 ----AC---- C:\WINDOWS\system32\MRT.exe

2009-01-08 17:40:01 ----DC---- C:\Arquivos de programas\CCleaner

2009-01-08 17:29:13 ----DC---- C:\Documents and Settings

2009-01-07 08:32:02 ----DC---- C:\Arquivos de programas\Google

2009-01-07 08:12:41 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Google

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2007-12-17 12480]

R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2007-12-17 19232]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]

S3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2007-12-17 22304]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]

R2 DkLogger;SafeNet Log Service; C:\WINDOWS\system32\dklog.exe [2007-09-13 106496]

R2 DkTknSrv;SafeNet Token Service; C:\WINDOWS\system32\dkcktkn.exe [2007-09-13 737280]

R2 DkVcm;SafeNet Virtual Channel Monitor; C:\WINDOWS\system32\dkvcm.exe [2007-09-13 122880]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]

S2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2008-09-26 47080]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 137200]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

 

-----------------EOF-----------------

[BabiFerrer 0]

so mais uma coisa, o Anti-virus Avast pegou o seguinte virus no meu compoutador - Win32:Trojan-gen(other) porem em pesquisa pela internet descobri que a maioria do virus dectados pelo Avast, sempre da o mesmo nome., eu enviei o virus para a quarentena porque não encontrei vacina.

[MGuitar 11]

Desculpe a demora.

 

so mais uma coisa, o Anti-virus Avast pegou o seguinte virus no meu compoutador - Win32:Trojan-gen(other) porem em pesquisa pela internet descobri que a maioria do virus dectados pelo Avast, sempre da o mesmo nome., eu enviei o virus para a quarentena porque não encontrei vacina.

Poderia me dizer o nome do arquivo detectado pelo Avast?

 

Execute o HijackThis e clique em Do a system scan only. Marque as entradas abaixo e clique no botão Fix Checked.

 

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

O2 - BHO: (no name) - SOFTWARE - (no file)

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

Com o navegador Internet Explorer, acesse o Kaspersky Online Scanner e faça um scan seguindo o tutorial do link abaixo:

 

Tutorial Kaspersky Online Scanner

 

Ao término do scan, salve o relatório com a extensão .txt em seu computador (como mostra no final do tutorial) e poste-o em sua próxima resposta por favor.

[BabiFerrer 0]

Oi, td bem !!

 

Então o HijackThis esta de comportando de maneira estranha, a tela simplesmente some, e eu tenho que refazer tudo de novo, ocorreu isso umas 03 vezes, até que da 4 vez eu consegui seguir suas instruções...

-----------------------

Boa tarde.

 

Então não postei o log, porque simplesmente o programa não detectou nenhum virus, meu computador esta zerado de virus, o que o avast capturou ele mesmo vacinou e excluiu.

Já consegui fazer o lance do Hijackthis. e esta tudo lindo.

 

Muito obrigada !

[MGuitar 11]

Se o Kaspersky nada detectou, ótimo!

 

O log do HijackThis também está limpo.

 

Não há mais problemas no PC?

[BabiFerrer 0]

Se o Kaspersky nada detectou, ótimo!

 

O log do HijackThis também está limpo.

 

Não há mais problemas no PC?

 

Amigo, alegria de pobre dura bem pouco !!! Acabei de passar o Malwarebytes e olha o que deu.

Já havia dado esses Trojan da primeira vez que você me indicou o programa, cliquei em remover, beleza

sumiu... Porem depois do pau que eu te disse que deu no HijackThis, olha eles ai outra vez....

Andei pesquisando na Net sobre o GbPlugin, porem cada um diz uma coisa, dizem que e virus outros dizem que não é, o mais incrivel e que depois deles detectados começou a entrar e-mail em minha caixa do Carteiro, que eu sei que e virus inclusive eles já são automaticamente bloqueados... se você puder mais uma vez me ajudar....

 

Malwarebytes' Anti-Malware 1.33

Versão do banco de dados: 1716

Windows 5.1.2600 Service Pack 3

 

09/02/2009 15:40:37

mbam-log-2009-02-09 (15-40-37).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 60717

Tempo decorrido: 11 minute(s), 44 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.

[MGuitar 11]

O GbPlugin é um plugin de segurança instalado por bancos online. Você possivelmente acessou sites de bancos online como Caixa Econômica Federal por exemplo. Este plugin pode ser tanto legítmo quanto um vírus realmente. Enfim, o que me leva a crer que seja um falso-positivo do Malwarebytes.

 

- Faça o download do OTViewIt e salve no seu desktop;

 

● Duplo clique no icone do OTViewIt que está no seu desktop;

● Marque a caixa Scan All Users;

● Aperte o botão Run Scan e aguarde;

● Serão gerados dois relatórios. Copie e cole-os na sua próxima resposta:

 

- OTViewIt.txt <- Este será automaticamente aberto

- Extra.txt <- Este estará minimizado

[BabiFerrer 0]

O GbPlugin é um plugin de segurança instalado por bancos online. Você possivelmente acessou sites de bancos online como Caixa Econômica Federal por exemplo. Este plugin pode ser tanto legítmo quanto um vírus realmente. Enfim, o que me leva a crer que seja um falso-positivo do Malwarebytes.

 

- Faça o download do OTViewIt e salve no seu desktop;

 

● Duplo clique no icone do OTViewIt que está no seu desktop;

● Marque a caixa Scan All Users;

● Aperte o botão Run Scan e aguarde;

● Serão gerados dois relatórios. Copie e cole-os na sua próxima resposta:

 

- OTViewIt.txt <- Este será automaticamente aberto

- Extra.txt <- Este estará minimizado

 

Bom dia !!!

 

Então o Log gerado automaticamente segue abaixo, porem o programa não consegue rodar. dando um erro de WIN32 ERROR CODE 1500 O ARQUIVO DE LOG DE EVENTOS ESTA CORROMPIDO.

 

OTViewIt logfile created on: 10/02/2009 10:33:48 - Run 3

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrador.OEM\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

958.42 Mb Total Physical Memory | 578.71 Mb Available Physical Memory | 60.38% Memory free

2.26 Gb Paging File | 1.94 Gb Available in Paging File | 85.83% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 18.64 Gb Total Space | 7.30 Gb Free Space | 39.18% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 240.24 Mb Total Space | 240.00 Mb Free Space | 99.90% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: AMABILE

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008/10/24 11:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

[2009/02/05 19:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

[2009/02/05 19:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

[2008/12/08 14:31:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

[2007/09/13 15:17:40 | 00,253,952 | ---- | M] (SafeNet, Inc.) -- C:\Arquivos de programas\SafeNet\BSecClient\dkAutoReg.exe

[2007/07/05 06:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

[2007/09/13 15:27:14 | 00,450,560 | ---- | M] () -- C:\Arquivos de programas\SafeNet\BSecClient\AXMonitor.exe

[2009/02/05 19:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

[2008/10/16 10:07:10 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2007/09/13 15:15:06 | 00,106,496 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dklog.exe

[2007/09/13 15:21:16 | 00,122,880 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkvcm.exe

[2007/05/15 16:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

[2008/12/08 14:30:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

[2006/10/31 04:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2007/09/13 15:17:04 | 00,737,280 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe

[2009/02/05 19:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

[2009/02/05 19:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

[2008/04/14 00:21:24 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2009/02/10 10:19:23 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador.OEM\Desktop\OTViewIt.exe

[2009/02/09 17:30:19 | 02,527,280 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

 

========== (O23) Win32 Services ==========

 

[2009/02/05 19:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

[2009/02/05 19:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

[2009/02/05 19:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

[2009/02/05 19:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

[2007/09/13 15:15:06 | 00,106,496 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dklog.exe -- (DkLogger [Auto | Running])

[2007/09/13 15:17:04 | 00,737,280 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe -- (DkTknSrv [Auto | Running])

[2007/09/13 15:21:16 | 00,122,880 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkvcm.exe -- (DkVcm [Auto | Running])

[2008/10/24 11:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [unknown | Running])

[2009/01/07 08:32:05 | 00,137,200 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2007/05/15 16:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2008/12/08 14:30:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

[2007/04/13 22:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

[2007/05/08 20:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

[2006/10/31 04:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2006/11/03 00:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2009/02/05 19:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

[2009/02/05 19:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

[2009/02/05 19:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

[2009/02/05 19:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

[2009/02/05 19:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

[2009/02/05 19:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2008/09/09 10:56:34 | 00,031,048 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm [boot | Running])

[2008/04/13 14:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2004/06/21 15:40:48 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Running])

[2004/06/21 15:40:48 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

[2004/06/21 15:40:48 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])

[2007/12/17 11:34:16 | 00,012,480 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\IKEYENUM.SYS -- (iKeyEnum [On_Demand | Running])

[2007/12/17 11:34:16 | 00,019,232 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\IKEYIFD.SYS -- (iKeyIFD [On_Demand | Running])

[2007/05/15 16:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2007/05/15 16:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [system | Running])

[2007/05/15 16:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [system | Running])

[2007/07/09 23:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2006/10/31 04:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2006/06/28 07:38:56 | 00,105,088 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [boot | Running])

[2006/11/27 06:33:50 | 00,058,368 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])

[2006/11/27 06:33:54 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

[2001/10/28 13:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2008/07/31 20:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2007/12/17 11:34:16 | 00,022,304 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\RNBTOKEN.SYS -- (RnbToken [On_Demand | Stopped])

[2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])

[2007/11/13 08:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"AlwaysUseDefaultPrinter"=

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=&http://home.microsoft.com/intl/br/access/allinone.asp

"Secondary Start Pages"=

"Start Page"=http://www.uol.com.br/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main]

"AlwaysUseDefaultPrinter"=

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=&http://home.microsoft.com/intl/br/access/allinone.asp

"Secondary Start Pages"=

"Start Page"=http://www.uol.com.br/

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (292696 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.123topsearch.com

127.0.0.1 123topsearch.com

127.0.0.1 www.132.com

127.0.0.1 132.com

127.0.0.1 www.136136.net

127.0.0.1 136136.net

127.0.0.1 www.163ns.com

127.0.0.1 163ns.com

10078 more lines...

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

{C41A1C0E-EA6C-11D4-B1B8-444553540000} (HKLM) -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

{C41A1C0E-EA6C-11D4-B1B8-444553540007} (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

{C451C08A-EC37-45DF-AAAD-18B51AB5E837} (HKLM) -- C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

"AxMonitor"=C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe ()

"DkAutoReg"=C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe (SafeNet, Inc.)

"DkStartup"=C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe (SafeNet, Inc.)

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

"nwiz"=nwiz.exe /install ()

"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

========== (O4) Startup Folders ==========

 

[2004/05/28 23:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"disableregistrytools"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"disableregistrytools"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2008/12/12 19:47:18 | 03,751,995 | ---- | M] (Google Inc.)

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 11:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2008/12/12 19:47:18 | 03,751,995 | ---- | M] (Google Inc.)

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2008/12/12 19:47:18 | 03,751,995 | ---- | M] (Google Inc.)

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\]

Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2008/12/12 19:47:18 | 03,751,995 | ---- | M] (Google Inc.)

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 11:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Pesquisar -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 16:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Pesquisar] -> [2003/07/15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [spybot - Search & Destroy Configuration] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Pesquisar] -> [2003/07/15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [spybot - Search & Destroy Configuration] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

49 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

48 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

48 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

48 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

48 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{3B2FC559-5102-4482-9684-66906D53A500}: http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab -- Auth Class

{474F00F5-3853-492C-AC3A-476512BBC336}: http://picasaweb.google.com.br/s/v/35.08/uploader2.cab -- UploadListView Class

{8569D715-FF88-44BA-8D1D-AD3E59543DDE}: http://www.wilsononline.com.br/includes/asp/arview2.cab -- ActiveReports Viewer2

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}: http://game02.zylom.com/activex/zylomgamesplayer.cab -- Zylom Games Player

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

{E37CB5F0-51F5-4395-A808-5FA49E399007}: https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab -- GbPluginObj Class

 

========== (O17) DNS Name Servers ==========

 

{8B33D053-8929-4BED-8C11-37C46F6480EC} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

{F8144C66-BC8B-4468-8033-F0214DFA0A26} (Servers: | Description: NVIDIA nForce Networking Controller)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginAbn: "DllName" = C:\ARQUIV~1\GbPlugin\gbiehabn.dll -- C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

GbPluginBb: "DllName" = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

GbPluginCef: "DllName" = C:\Arquivos de programas\GbPlugin\gbiehcef.dll -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll File not found

DkWLNP: "DllName" = DkWLNP.dll -- C:\WINDOWS\system32\DkWLNP.dll (SafeNet, Inc.)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2006/09/12 19:47:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/02/10 10:19:16 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador.OEM\Desktop\OTViewIt.exe

[2009/02/09 18:08:37 | 00,000,000 | ---D | C] -- C:\ComboFix

[2009/02/09 18:08:35 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12457.exe

[2009/02/09 12:48:45 | 00,000,000 | ---D | C] -- C:\HiJackThis

[2009/02/09 12:31:39 | 00,000,934 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Códigos de Barra - Comércio Exterior.lnk

[2009/02/09 12:31:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Códigos de Barra - Comércio Exterior

[2009/02/03 17:26:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2009/02/03 16:01:08 | 00,000,000 | ---D | C] -- C:\rsit

[2009/02/03 14:34:04 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk

[2009/02/03 14:34:03 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/02/03 14:33:59 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/02/03 14:33:55 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/02/03 14:33:48 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/02/03 14:33:47 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/02/03 14:33:47 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/02/03 14:33:46 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/02/03 14:33:46 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/02/03 14:32:31 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/02/03 14:32:31 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/02/03 14:11:18 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9679.exe

[2009/02/03 11:25:00 | 00,031,048 | ---- | C] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys

[2009/02/02 17:54:30 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF772.exe

[2009/02/02 17:46:44 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31989.exe

[2009/02/02 17:09:05 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24644.exe

[2009/02/02 17:08:20 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24491.exe

[2009/02/02 16:51:00 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21098.exe

[2009/02/02 16:43:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/02/02 16:43:47 | 00,261,856 | ---- | C] () -- C:\cmldr

[2009/02/02 16:43:40 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/02/02 16:40:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/02/02 16:40:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/02/02 16:40:18 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2009/02/02 16:40:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/02/02 16:40:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/02/02 16:40:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2009/02/02 16:40:18 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/02/02 16:40:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/02/02 16:40:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/02/02 16:40:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/02/02 16:40:06 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/02/02 16:40:01 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18939.exe

[2009/02/02 16:13:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang

[2009/02/02 11:20:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Malwarebytes

[2009/02/02 11:20:15 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/02/02 11:20:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/02/02 11:20:12 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/02/02 11:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

[2009/02/02 11:20:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2009/01/29 15:45:58 | 00,318,369 | ---- | C] () -- C:\HiJackThis.zip

[2009/01/29 15:09:30 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll

[2009/01/29 15:09:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Alwil Software

[2009/01/29 15:07:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\FTWeak

[2009/01/29 14:51:07 | 00,000,843 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Internet Explorer.lnk

[2009/01/29 14:45:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com

[2009/01/29 13:47:52 | 00,104,076 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:SummaryInformation

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2009/01/29 11:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8

[2009/01/23 14:12:14 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\Termo de Retificação export cma.doc

[2009/01/21 14:15:21 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\TERMO DE RETIFICACAO SISCOMEX CARGA NEWS LOGISTICS.doc

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/10/09 08:56:04 | 00,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

[2009/02/10 10:32:12 | 00,000,494 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2009/02/10 10:32:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/02/10 10:31:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/02/10 10:31:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/02/10 10:31:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/02/10 10:19:23 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador.OEM\Desktop\OTViewIt.exe

[2009/02/09 18:08:24 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12457.exe

[2009/02/09 17:33:13 | 00,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/02/09 17:10:39 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/02/09 15:42:57 | 00,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/02/09 12:34:55 | 00,065,176 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/02/09 12:31:39 | 00,000,934 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Códigos de Barra - Comércio Exterior.lnk

[2009/02/09 11:08:53 | 00,759,962 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/02/09 11:08:53 | 00,347,294 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/02/09 11:08:53 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/02/09 11:08:53 | 00,049,586 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/02/09 11:08:53 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/02/06 13:07:53 | 00,008,242 | ---- | M] () -- C:\WINDOWS\WDIC.INI

[2009/02/05 19:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/02/05 19:08:19 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/02/05 19:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/02/05 19:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/02/05 19:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/02/05 19:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/02/05 19:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/02/05 19:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/02/05 19:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/02/03 18:04:03 | 00,292,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/02/03 17:30:22 | 00,292,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090203-180403.backup

[2009/02/03 17:30:15 | 00,292,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090203-173022.backup

[2009/02/03 17:26:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI

[2009/02/03 14:34:04 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk

[2009/02/03 14:10:29 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9679.exe

[2009/02/02 17:54:24 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF772.exe

[2009/02/02 17:46:28 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31989.exe

[2009/02/02 17:09:01 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24644.exe

[2009/02/02 17:08:14 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24491.exe

[2009/02/02 16:59:10 | 00,000,629 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/02/02 16:59:10 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/02/02 16:59:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/02/02 16:50:54 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21098.exe

[2009/02/02 16:39:54 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18939.exe

[2009/02/02 16:26:14 | 00,000,211 | ---- | M] () -- C:\Boot.bak

[2009/02/02 14:18:31 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\CCleaner.lnk

[2009/02/02 11:20:15 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/29 15:46:02 | 00,318,369 | ---- | M] () -- C:\HiJackThis.zip

[2009/01/29 13:48:39 | 00,104,076 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:SummaryInformation

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2009/01/29 11:11:39 | 00,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini

[2009/01/28 14:57:17 | 00,292,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090203-173015.backup

[2009/01/28 14:57:07 | 00,292,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090128-145717.backup

[2009/01/23 14:32:18 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\Termo de Retificação export cma.doc

[2009/01/21 14:15:21 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\TERMO DE RETIFICACAO SISCOMEX CARGA NEWS LOGISTICS.doc

[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

< End of report >

[MGuitar 11]

1ª Etapa

 

- Faça o download do OTMoveIt3 e salve no desktop;

 

● Dê um duplo clique no ícone do programa (OTMoveIt3) para executá-lo;

● Selecione e copie todo este conteúdo aqui abaixo:

 

:Processes

explorer.exe

 

:Services

GbpSv

 

:Files

C:\Arquivos de programas\GbPlugin

 

:Reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginAbn]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginBb]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginCef]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=-

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=-

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=-

 

:Commands

[emptytemp]

[purity]

[start explorer]

[Reboot]

 

● Cole o que você copiou no programa (no espaço em branco da janela);

● Clique no botão MoveIt;

● Se aparecer uma mensagem para reiniciar o computador, reinicie-o;

● Na sua proxima resposta, copie e cole o todo o conteúdo que está em Results;

● Se o computador reiniciou, vá na pasta C:\_OTMoveIt\MovedFiles, e abra o mais recente arquivo .log presente. Copie e cole todo o conteúdo desse arquivo.

 

 

2ª Etapa

 

Execute a ferramenta RSIT novamente e clique em Execute.

 

Na sua próxima resposta, cole os logs do OTMoveIt3 e RSIT.

[BabiFerrer 0]

1ª Etapa

 

- Faça o download do OTMoveIt3 e salve no desktop;

 

● Dê um duplo clique no ícone do programa (OTMoveIt3) para executá-lo;

● Selecione e copie todo este conteúdo aqui abaixo:

 

:Processes

explorer.exe

 

:Services

GbpSv

 

:Files

C:\Arquivos de programas\GbPlugin

 

:Reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginAbn]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginBb]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginCef]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=-

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=-

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=-

 

:Commands

[emptytemp]

[purity]

[start explorer]

[Reboot]

 

● Cole o que você copiou no programa (no espaço em branco da janela);

● Clique no botão MoveIt;

● Se aparecer uma mensagem para reiniciar o computador, reinicie-o;

● Na sua proxima resposta, copie e cole o todo o conteúdo que está em Results;

● Se o computador reiniciou, vá na pasta C:\_OTMoveIt\MovedFiles, e abra o mais recente arquivo .log presente. Copie e cole todo o conteúdo desse arquivo.

 

 

2ª Etapa

 

Execute a ferramenta RSIT novamente e clique em Execute.

 

Na sua próxima resposta, cole os logs do OTMoveIt3 e RSIT.

 

Tá dificil, então não estou encontrando o arquivo RSIT para baixar na net, e o OTMoveIt3 não gerou log, deu uma mensagem de erro, onde diz que não foi possivel gerar o arquivo de log.

 

Estou te dando muito trabalho !

[MGuitar 11]

Estou te dando muito trabalho !

De forma alguma!

 

Estamos aqui para isso mesmo. Não se preocupe quanto à uma ferramenta rodar ou não rodar, dar certo ou não...

 

Delete a pasta C:\rsit (caso exista ainda). Veja se não foi criada uma pasta no seguinte diretório: C:\_OTMoveIt. Se sim, entre dentro desta pasta e veja se existe algum arquivo (log) .txt dentro da mesma. Se sim, poste-o aqui.

 

- Faça o download do RSIT e salve no seu desktop;

 

● Dê dois cliques em RSIT.exe para executar o programa;

● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;

● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;

● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

[BabiFerrer 0]

Estou te dando muito trabalho !

De forma alguma!

 

Estamos aqui para isso mesmo. Não se preocupe quanto à uma ferramenta rodar ou não rodar, dar certo ou não...

 

Delete a pasta C:\rsit (caso exista ainda). Veja se não foi criada uma pasta no seguinte diretório: C:\_OTMoveIt. Se sim, entre dentro desta pasta e veja se existe algum arquivo (log) .txt dentro da mesma. Se sim, poste-o aqui.

 

- Faça o download do RSIT e salve no seu desktop;

 

● Dê dois cliques em RSIT.exe para executar o programa;

● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;

● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;

● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

 

Boa tarde,

Então como eu havia dito, a pasta do _OTMoveIt foi criada com exito, porem da um erro dizendo que não foi possivel criar o log., olhei dentro das pastas achando que poderia estar oculto mais não esta. Segue abaixo o LOG.txt e o INFO.txt

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Administrador at 2009-02-13 13:41:14

Microsoft Windows XP Professional Service Pack 3

System drive C: has 7 GB (38%) free of 19 GB

Total RAM: 958 MB (60% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:41, on 13/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador.OEM\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HiJackThis\Administrador.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9275 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-07 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-08 136600]

"DkStartup"=C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe [2007-09-13 49152]

"DkAutoReg"=C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe [2007-09-13 253952]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"AxMonitor"=C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe [2007-09-13 450560]

"nwiz"=nwiz.exe /install []

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-16 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DkWLNP]

C:\WINDOWS\system32\DkWLNP.dll [2007-09-13 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe"="C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\SecondLife\SLVoice.exe"="C:\Arquivos de programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\UOL\UIM\uim.exe"="C:\Arquivos de programas\UOL\UIM\uim.exe:*:Disabled:UOL"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-02-13 13:41:14 ----DC---- C:\rsit

2009-02-12 13:06:39 ----DC---- C:\_OTMoveIt

2009-02-10 08:02:12 ----AC---- C:\WINDOWS\SchedLgU.Txt

2009-02-09 18:08:37 ----DC---- C:\ComboFix

2009-02-09 18:08:35 ----AC---- C:\WINDOWS\system32\CF12457.exe

2009-02-09 12:48:45 ----DC---- C:\HiJackThis

2009-02-09 12:31:38 ----DC---- C:\Arquivos de programas\Códigos de Barra - Comércio Exterior

2009-02-03 17:26:46 ----AC---- C:\WINDOWS\VPC32.INI

2009-02-03 14:32:31 ----AC---- C:\WINDOWS\system32\aswBoot.exe

2009-02-03 14:11:18 ----AC---- C:\WINDOWS\system32\CF9679.exe

2009-02-02 17:54:30 ----AC---- C:\WINDOWS\system32\CF772.exe

2009-02-02 17:46:44 ----AC---- C:\WINDOWS\system32\CF31989.exe

2009-02-02 17:09:05 ----AC---- C:\WINDOWS\system32\CF24644.exe

2009-02-02 17:08:20 ----AC---- C:\WINDOWS\system32\CF24491.exe

2009-02-02 16:51:00 ----AC---- C:\WINDOWS\system32\CF21098.exe

2009-02-02 16:43:55 ----AC---- C:\Boot.bak

2009-02-02 16:43:40 ----RASHDC---- C:\cmdcons

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\zip.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\VFIND.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\SWREG.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\sed.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\NIRCMD.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\grep.exe

2009-02-02 16:40:18 ----AC---- C:\WINDOWS\fdsv.exe

2009-02-02 16:40:17 ----AC---- C:\WINDOWS\SWXCACLS.exe

2009-02-02 16:40:17 ----AC---- C:\WINDOWS\SWSC.exe

2009-02-02 16:40:06 ----DC---- C:\WINDOWS\ERDNT

2009-02-02 16:40:06 ----DC---- C:\Qoobox

2009-02-02 16:40:01 ----AC---- C:\WINDOWS\system32\CF18939.exe

2009-02-02 16:13:40 ----DC---- C:\WINDOWS\system32\Lang

2009-02-02 11:20:19 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Malwarebytes

2009-02-02 11:20:11 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-02-02 11:20:10 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-01-29 15:09:30 ----AC---- C:\WINDOWS\system32\MFC71.dll

2009-01-29 15:09:12 ----DC---- C:\Arquivos de programas\Alwil Software

2009-01-29 15:07:17 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\FTWeak

2009-01-29 14:45:07 ----DC---- C:\WINDOWS\McAfee.com

2009-01-29 11:55:15 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8

 

======List of files/folders modified in the last 1 months======

 

2009-02-13 11:45:51 ----D---- C:\WINDOWS\Temp

2009-02-13 11:41:56 ----DC---- C:\WINDOWS

2009-02-13 11:38:53 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-13 11:37:31 ----DC---- C:\WINDOWS\Debug

2009-02-13 07:47:57 ----DC---- C:\WINDOWS\system32

2009-02-12 17:58:55 ----DC---- C:\WINDOWS\inf

2009-02-12 17:58:51 ----DC---- C:\WINDOWS\$hf_mig$

2009-02-12 17:58:09 ----DC---- C:\WINDOWS\system32\dllcache

2009-02-12 17:58:03 ----DC---- C:\Arquivos de programas\Internet Explorer

2009-02-12 17:57:38 ----DC---- C:\WINDOWS\ie7updates

2009-02-12 13:06:11 ----DC---- C:\WINDOWS\Prefetch

2009-02-12 09:56:11 ----AC---- C:\WINDOWS\WDIC.INI

2009-02-12 02:56:17 ----AC---- C:\WINDOWS\system32\MRT.exe

2009-02-11 09:28:38 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-02-09 15:42:25 ----DC---- C:\Arquivos de programas\GbPlugin

2009-02-09 15:42:25 ----AD---- C:\WINDOWS\system32\drivers

2009-02-09 12:31:38 ----RDC---- C:\Arquivos de programas

2009-02-09 12:31:38 ----DC---- C:\WINDOWS\Fonts

2009-02-09 11:08:53 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-09 11:06:35 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-02-03 14:05:31 ----DC---- C:\amabile

2009-02-02 16:59:10 ----RASHC---- C:\boot.ini

2009-02-02 16:59:10 ----AC---- C:\WINDOWS\win.ini

2009-02-02 16:59:10 ----AC---- C:\WINDOWS\system.ini

2009-02-02 13:48:17 ----DC---- C:\WINDOWS\Downloaded Program Files

2009-01-30 07:50:21 ----D---- C:\WINDOWS\system32\config

2009-01-29 11:55:07 ----SHDC---- C:\WINDOWS\Installer

2009-01-29 11:54:59 ----HDC---- C:\Config.Msi

2009-01-29 11:11:39 ----AC---- C:\WINDOWS\RtlRack.ini

2009-01-29 11:10:03 ----DC---- C:\Program Files

2009-01-23 17:14:57 ----D---- C:\WINDOWS\system32\inetsrv

2009-01-23 17:14:42 ----DC---- C:\WINDOWS\security

2009-01-16 21:16:40 ----AC---- C:\WINDOWS\system32\mshtml.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2007-12-17 12480]

R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2007-12-17 19232]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]

S3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2007-12-17 22304]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 DkLogger;SafeNet Log Service; C:\WINDOWS\system32\dklog.exe [2007-09-13 106496]

R2 DkTknSrv;SafeNet Token Service; C:\WINDOWS\system32\dkcktkn.exe [2007-09-13 737280]

R2 DkVcm;SafeNet Virtual Channel Monitor; C:\WINDOWS\system32\dkvcm.exe [2007-09-13 122880]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2008-10-24 52800]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 137200]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.05 2009-02-13 13:41:49

 

======Uninstall list======

 

-->C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.3 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Códigos de Barra - Comércio Exterior 1.1-->"C:\Arquivos de programas\Códigos de Barra - Comércio Exterior\unins000.exe"

Dic Michaelis - UOL-->C:\Dic\instala.exe -d

Google Toolbar for Internet Explorer-->"C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

HijackThis 2.0.2-->"C:\HiJackThis\HijackThis.exe" /uninstall

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

HP Image Zone 4.2-->C:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP OrderReminder-->"C:\Arquivos de programas\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018

HP PSC & OfficeJet 4.2-->"C:\Arquivos de programas\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

LaserJet 1018-->C:\Arquivos de programas\Zenographics\{29351AD1-1076-4DBC-8E50-649595FDDCBB}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI

On-line Help Console-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6283826F-59A2-11D9-BB04-000AE6BE6EE7}\setup.exe" -l0x9

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_562.exe" _?=C:\Arquivos de programas\PDFCreator Toolbar

PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_562.exe" -hu _?=C:\Arquivos de programas\PDFCreator Toolbar

Picasa 3-->"C:\Arquivos de programas\Google\Picasa3\Uninstall.exe"

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

SafeNet Borderless Security PK Client-->MsiExec.exe /X{74738135-38D6-4ABD-A2BF-A86744971607}

SafeNet iKey Driver v4.0.0.20-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6257E290-5E8E-11D4-9B8D-00D0B72459DD}\Setup.exe" -l0x9 UNINST

SafeNet iKey2032 versão 2.33 para Windows 2000/XP/Vista-->"C:\Arquivos de programas\Safenet\iKey2032\unins000.exe"

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins001.exe"

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: AVG Anti-Virus Free

AV: avast! antivirus 4.8.1335 [VPS 090212-0]

 

System event log

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço Serviços de terminal entrou no estado executando.

 

Record Number: 12410

Source Name: Service Control Manager

Time Written: 20090210102430.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 6005

Message: O serviço Log de eventos foi iniciado.

 

Record Number: 12409

Source Name: EventLog

Time Written: 20090210102333.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

 

Record Number: 12408

Source Name: EventLog

Time Written: 20090210102333.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 6006

Message: O serviço Log de eventos foi finalizado.

 

Record Number: 12407

Source Name: EventLog

Time Written: 20090210102210.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço Google Updater Service entrou no estado interrompido.

 

Record Number: 12406

Source Name: Service Control Manager

Time Written: 20090210093619.000000-120

Event Type: Informações

User:

 

Application event log

 

Computer Name: AMABILE

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

 

Record Number: 2686

Source Name: SecurityCenter

Time Written: 20081117074855.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 1

Message:

Record Number: 2685

Source Name: avg8emc

Time Written: 20081117074851.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 0

Message: SafeNet Token Server (dkcktkn) Started Succesfully

 

Record Number: 2684

Source Name: SafeNet Token Service

Time Written: 20081117074828.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 5

Message: Starting SafeNet Token Service.

 

Record Number: 2683

Source Name: SafeNet Token Service

Time Written: 20081117074828.000000-120

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 0

Message: SafeNet Logging Service (dkLog) Started Succesfully

 

Record Number: 2682

Source Name: DKLOG

Time Written: 20081117074824.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=7f01

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

[MGuitar 11]

Desculpe novamente a demora, estou meio atarefado aqui.

 

Por favor, poste um novo log do RSIT (atualizado).

[BabiFerrer 0]

Desculpe novamente a demora, estou meio atarefado aqui.

 

Por favor, poste um novo log do RSIT (atualizado).

Segue:

Logfile of random's system information tool 1.05 (written by random/random)

Run by Administrador at 2009-02-18 16:32:57

Microsoft Windows XP Professional Service Pack 3

System drive C: has 7 GB (38%) free of 19 GB

Total RAM: 958 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:33, on 18/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Documents and Settings\Administrador.OEM\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HiJackThis\Administrador.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9550 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-07 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-08 136600]

"DkStartup"=C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe [2007-09-13 49152]

"DkAutoReg"=C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe [2007-09-13 253952]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"AxMonitor"=C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe [2007-09-13 450560]

"nwiz"=nwiz.exe /install []

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-16 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DkWLNP]

C:\WINDOWS\system32\DkWLNP.dll [2007-09-13 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe"="C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\SecondLife\SLVoice.exe"="C:\Arquivos de programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\UOL\UIM\uim.exe"="C:\Arquivos de programas\UOL\UIM\uim.exe:*:Disabled:UOL"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-02-13 12:41:14 ----DC---- C:\rsit

2009-02-12 12:06:39 ----DC---- C:\_OTMoveIt

2009-02-10 07:02:12 ----AC---- C:\WINDOWS\SchedLgU.Txt

2009-02-09 17:08:37 ----DC---- C:\ComboFix

2009-02-09 17:08:35 ----AC---- C:\WINDOWS\system32\CF12457.exe

2009-02-09 11:48:45 ----DC---- C:\HiJackThis

2009-02-09 11:31:38 ----DC---- C:\Arquivos de programas\Códigos de Barra - Comércio Exterior

2009-02-03 16:26:46 ----AC---- C:\WINDOWS\VPC32.INI

2009-02-03 13:32:31 ----AC---- C:\WINDOWS\system32\aswBoot.exe

2009-02-03 13:11:18 ----AC---- C:\WINDOWS\system32\CF9679.exe

2009-02-02 16:54:30 ----AC---- C:\WINDOWS\system32\CF772.exe

2009-02-02 16:46:44 ----AC---- C:\WINDOWS\system32\CF31989.exe

2009-02-02 16:09:05 ----AC---- C:\WINDOWS\system32\CF24644.exe

2009-02-02 16:08:20 ----AC---- C:\WINDOWS\system32\CF24491.exe

2009-02-02 15:51:00 ----AC---- C:\WINDOWS\system32\CF21098.exe

2009-02-02 15:43:55 ----AC---- C:\Boot.bak

2009-02-02 15:43:40 ----RASHDC---- C:\cmdcons

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\zip.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\VFIND.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\SWREG.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\sed.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\NIRCMD.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\grep.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\fdsv.exe

2009-02-02 15:40:17 ----AC---- C:\WINDOWS\SWXCACLS.exe

2009-02-02 15:40:17 ----AC---- C:\WINDOWS\SWSC.exe

2009-02-02 15:40:06 ----DC---- C:\WINDOWS\ERDNT

2009-02-02 15:40:06 ----DC---- C:\Qoobox

2009-02-02 15:40:01 ----AC---- C:\WINDOWS\system32\CF18939.exe

2009-02-02 15:13:40 ----DC---- C:\WINDOWS\system32\Lang

2009-02-02 10:20:19 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Malwarebytes

2009-02-02 10:20:11 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-02-02 10:20:10 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-01-29 14:09:30 ----AC---- C:\WINDOWS\system32\MFC71.dll

2009-01-29 14:09:12 ----DC---- C:\Arquivos de programas\Alwil Software

2009-01-29 14:07:17 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\FTWeak

2009-01-29 13:45:07 ----DC---- C:\WINDOWS\McAfee.com

2009-01-29 10:55:15 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8

 

======List of files/folders modified in the last 1 months======

 

2009-02-18 16:33:02 ----DC---- C:\WINDOWS\Prefetch

2009-02-18 15:52:24 ----D---- C:\WINDOWS\Temp

2009-02-18 09:24:53 ----AC---- C:\WINDOWS\WDIC.INI

2009-02-18 07:44:04 ----DC---- C:\WINDOWS

2009-02-16 07:48:06 ----DC---- C:\WINDOWS\system32

2009-02-16 07:48:03 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-13 13:17:06 ----DC---- C:\WINDOWS\Debug

2009-02-13 10:38:53 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-12 16:58:55 ----DC---- C:\WINDOWS\inf

2009-02-12 16:58:51 ----DC---- C:\WINDOWS\$hf_mig$

2009-02-12 16:58:09 ----DC---- C:\WINDOWS\system32\dllcache

2009-02-12 16:58:03 ----DC---- C:\Arquivos de programas\Internet Explorer

2009-02-12 16:57:38 ----DC---- C:\WINDOWS\ie7updates

2009-02-12 01:56:17 ----AC---- C:\WINDOWS\system32\MRT.exe

2009-02-11 08:28:38 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-02-09 14:42:25 ----DC---- C:\Arquivos de programas\GbPlugin

2009-02-09 14:42:25 ----AD---- C:\WINDOWS\system32\drivers

2009-02-09 11:31:38 ----RDC---- C:\Arquivos de programas

2009-02-09 11:31:38 ----DC---- C:\WINDOWS\Fonts

2009-02-09 10:06:35 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-02-03 13:05:31 ----DC---- C:\amabile

2009-02-02 15:59:10 ----RASHC---- C:\boot.ini

2009-02-02 15:59:10 ----AC---- C:\WINDOWS\win.ini

2009-02-02 15:59:10 ----AC---- C:\WINDOWS\system.ini

2009-02-02 12:48:17 ----DC---- C:\WINDOWS\Downloaded Program Files

2009-01-30 06:50:21 ----D---- C:\WINDOWS\system32\config

2009-01-29 10:55:07 ----SHDC---- C:\WINDOWS\Installer

2009-01-29 10:54:59 ----HDC---- C:\Config.Msi

2009-01-29 10:11:39 ----AC---- C:\WINDOWS\RtlRack.ini

2009-01-29 10:10:03 ----DC---- C:\Program Files

2009-01-23 16:14:57 ----D---- C:\WINDOWS\system32\inetsrv

2009-01-23 16:14:42 ----DC---- C:\WINDOWS\security

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2007-12-17 12480]

R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2007-12-17 19232]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]

S3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2007-12-17 22304]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 DkLogger;SafeNet Log Service; C:\WINDOWS\system32\dklog.exe [2007-09-13 106496]

R2 DkTknSrv;SafeNet Token Service; C:\WINDOWS\system32\dkcktkn.exe [2007-09-13 737280]

R2 DkVcm;SafeNet Virtual Channel Monitor; C:\WINDOWS\system32\dkvcm.exe [2007-09-13 122880]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2008-10-24 52800]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 137200]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

 

-----------------EOF-----------------