BabiFerrer

[Solved!] Virus


● Download Avenger and save it to the desktop;

● Extract the contents of the zip to the desktop;

● Select and copy the text below:

Folders to delete:

C:\Arquivos de programas\GbPlugin

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

Registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef

Registry values to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {E37CB5F0-51F5-4395-A808-5FA49E399007}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {E37CB5F0-51F5-4395-A808-5FA49E399F83}

Drivers to disable:

GbpSv

Drivers to delete:

GbpSv

● Run the Avenger program by double-clicking avenger.exe;

● Click the Load Script menu > Paste from Clipboard;

● Click the Execute button > Yes > OK;

● Your computer will be restarted;

● A log will be generated at C:\avenger.txt

Paste this log in your next reply, along with a new RSIT log.


Here they are, in order!

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: could not delete folder "C:\Arquivos de programas\GbPlugin"

Deletion of folder "C:\Arquivos de programas\GbPlugin" failed!

Status: 0xc0000022 (STATUS_ACCESS_DENIED)

 

Folder "C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin" deleted successfully.

Disablement of driver "GbpSv" failed!

Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

 

Driver "GbpSv" deleted successfully.

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" deleted successfully.

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}" deleted successfully.

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn" deleted successfully.

 

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef" deleted successfully.

Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{E37CB5F0-51F5-4395-A808-5FA49E399007}" deleted successfully.

Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{E37CB5F0-51F5-4395-A808-5FA49E399F83}" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Administrador at 2009-02-19 11:01:02

Microsoft Windows XP Professional Service Pack 3

System drive C: has 7 GB (38%) free of 19 GB

Total RAM: 958 MB (60% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01, on 19/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrador.OEM\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HiJackThis\Administrador.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9283 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-07 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-08 136600]

"DkStartup"=C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe [2007-09-13 49152]

"DkAutoReg"=C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe [2007-09-13 253952]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"AxMonitor"=C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe [2007-09-13 450560]

"nwiz"=nwiz.exe /install []

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-16 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DkWLNP]

C:\WINDOWS\system32\DkWLNP.dll [2007-09-13 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-01-28 396104]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe"="C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\SecondLife\SLVoice.exe"="C:\Arquivos de programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\UOL\UIM\uim.exe"="C:\Arquivos de programas\UOL\UIM\uim.exe:*:Disabled:UOL"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 3 months======

 

2009-02-19 10:48:56 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-02-19 10:48:22 ----DC---- C:\Avenger

2009-02-19 10:48:22 ----AC---- C:\avenger.txt

2009-02-19 10:45:08 ----AC---- C:\zip.exe

2009-02-19 10:45:08 ----AC---- C:\cleanup.exe

2009-02-19 10:45:08 ----AC---- C:\cleanup.bat

2009-02-13 12:41:14 ----DC---- C:\rsit

2009-02-12 12:06:39 ----DC---- C:\_OTMoveIt

2009-02-10 07:02:12 ----AC---- C:\WINDOWS\SchedLgU.Txt

2009-02-09 17:08:37 ----DC---- C:\ComboFix

2009-02-09 17:08:35 ----AC---- C:\WINDOWS\system32\CF12457.exe

2009-02-09 11:48:45 ----DC---- C:\HiJackThis

2009-02-09 11:31:38 ----DC---- C:\Arquivos de programas\Códigos de Barra - Comércio Exterior

2009-02-03 16:26:46 ----AC---- C:\WINDOWS\VPC32.INI

2009-02-03 13:32:31 ----AC---- C:\WINDOWS\system32\aswBoot.exe

2009-02-03 13:11:18 ----AC---- C:\WINDOWS\system32\CF9679.exe

2009-02-02 16:54:30 ----AC---- C:\WINDOWS\system32\CF772.exe

2009-02-02 16:46:44 ----AC---- C:\WINDOWS\system32\CF31989.exe

2009-02-02 16:09:05 ----AC---- C:\WINDOWS\system32\CF24644.exe

2009-02-02 16:08:20 ----AC---- C:\WINDOWS\system32\CF24491.exe

2009-02-02 15:51:00 ----AC---- C:\WINDOWS\system32\CF21098.exe

2009-02-02 15:43:55 ----AC---- C:\Boot.bak

2009-02-02 15:43:40 ----RASHDC---- C:\cmdcons

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\zip.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\VFIND.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\SWREG.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\sed.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\NIRCMD.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\grep.exe

2009-02-02 15:40:18 ----AC---- C:\WINDOWS\fdsv.exe

2009-02-02 15:40:17 ----AC---- C:\WINDOWS\SWXCACLS.exe

2009-02-02 15:40:17 ----AC---- C:\WINDOWS\SWSC.exe

2009-02-02 15:40:06 ----DC---- C:\WINDOWS\ERDNT

2009-02-02 15:40:06 ----DC---- C:\Qoobox

2009-02-02 15:40:01 ----AC---- C:\WINDOWS\system32\CF18939.exe

2009-02-02 15:13:40 ----DC---- C:\WINDOWS\system32\Lang

2009-02-02 10:20:19 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Malwarebytes

2009-02-02 10:20:11 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-02-02 10:20:10 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-01-29 14:09:30 ----AC---- C:\WINDOWS\system32\MFC71.dll

2009-01-29 14:09:12 ----DC---- C:\Arquivos de programas\Alwil Software

2009-01-29 14:07:17 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\FTWeak

2009-01-29 13:45:07 ----DC---- C:\WINDOWS\McAfee.com

2009-01-29 10:55:15 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8

2009-01-09 14:55:30 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Mozilla

2009-01-09 14:54:53 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\SecondLife

2008-12-17 16:25:55 ----DC---- C:\WINDOWS\system32\IOSUBSYS

2008-12-08 13:31:39 ----AC---- C:\WINDOWS\system32\javaws.exe

2008-12-08 13:31:39 ----AC---- C:\WINDOWS\system32\deploytk.dll

2008-12-08 13:31:38 ----AC---- C:\WINDOWS\system32\javaw.exe

2008-12-08 13:31:38 ----AC---- C:\WINDOWS\system32\java.exe

 

======List of files/folders modified in the last 3 months======

 

2009-02-19 10:51:24 ----D---- C:\WINDOWS\Temp

2009-02-19 10:50:15 ----DC---- C:\WINDOWS\Prefetch

2009-02-19 10:48:22 ----RDC---- C:\Arquivos de programas

2009-02-19 10:48:22 ----AD---- C:\WINDOWS\system32\drivers

2009-02-18 09:24:53 ----AC---- C:\WINDOWS\WDIC.INI

2009-02-18 07:44:04 ----DC---- C:\WINDOWS

2009-02-16 07:48:06 ----DC---- C:\WINDOWS\system32

2009-02-16 07:48:03 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-13 13:17:06 ----DC---- C:\WINDOWS\Debug

2009-02-13 10:38:53 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-12 16:58:55 ----DC---- C:\WINDOWS\inf

2009-02-12 16:58:51 ----DC---- C:\WINDOWS\$hf_mig$

2009-02-12 16:58:09 ----DC---- C:\WINDOWS\system32\dllcache

2009-02-12 16:58:03 ----DC---- C:\Arquivos de programas\Internet Explorer

2009-02-12 16:57:38 ----DC---- C:\WINDOWS\ie7updates

2009-02-12 01:56:17 ----AC---- C:\WINDOWS\system32\MRT.exe

2009-02-11 08:28:38 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-02-09 14:42:25 ----DC---- C:\Arquivos de programas\GbPlugin

2009-02-09 11:31:38 ----DC---- C:\WINDOWS\Fonts

2009-02-03 13:05:31 ----DC---- C:\amabile

2009-02-02 15:59:10 ----RASHC---- C:\boot.ini

2009-02-02 15:59:10 ----AC---- C:\WINDOWS\win.ini

2009-02-02 15:59:10 ----AC---- C:\WINDOWS\system.ini

2009-02-02 12:48:17 ----DC---- C:\WINDOWS\Downloaded Program Files

2009-01-30 06:50:21 ----D---- C:\WINDOWS\system32\config

2009-01-29 10:55:07 ----SHDC---- C:\WINDOWS\Installer

2009-01-29 10:54:59 ----HDC---- C:\Config.Msi

2009-01-29 10:11:39 ----AC---- C:\WINDOWS\RtlRack.ini

2009-01-29 10:10:03 ----DC---- C:\Program Files

2009-01-23 16:14:57 ----D---- C:\WINDOWS\system32\inetsrv

2009-01-23 16:14:42 ----DC---- C:\WINDOWS\security

2009-01-16 20:16:40 ----AC---- C:\WINDOWS\system32\mshtml.dll

2009-01-08 16:40:01 ----DC---- C:\Arquivos de programas\CCleaner

2009-01-08 16:29:13 ----DC---- C:\Documents and Settings

2009-01-07 07:32:02 ----DC---- C:\Arquivos de programas\Google

2009-01-07 07:12:41 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Google

2008-12-20 19:47:03 ----AC---- C:\WINDOWS\system32\wininet.dll

2008-12-20 19:47:03 ----AC---- C:\WINDOWS\system32\webcheck.dll

2008-12-20 19:47:02 ----AC---- C:\WINDOWS\system32\urlmon.dll

2008-12-20 19:47:01 ----AC---- C:\WINDOWS\system32\url.dll

2008-12-20 19:47:01 ----AC---- C:\WINDOWS\system32\pngfilt.dll

2008-12-20 19:47:01 ----AC---- C:\WINDOWS\system32\occache.dll

2008-12-20 19:47:01 ----AC---- C:\WINDOWS\system32\mstime.dll

2008-12-20 19:47:00 ----AC---- C:\WINDOWS\system32\msrating.dll

2008-12-20 19:47:00 ----AC---- C:\WINDOWS\system32\mshtmled.dll

2008-12-20 19:46:56 ----AC---- C:\WINDOWS\system32\msfeedsbs.dll

2008-12-20 19:46:56 ----AC---- C:\WINDOWS\system32\msfeeds.dll

2008-12-20 19:46:55 ----AC---- C:\WINDOWS\system32\jsproxy.dll

2008-12-20 19:46:54 ----AC---- C:\WINDOWS\system32\iertutil.dll

2008-12-20 19:46:53 ----AC---- C:\WINDOWS\system32\iernonce.dll

2008-12-20 19:46:53 ----AC---- C:\WINDOWS\system32\ieframe.dll

2008-12-20 19:46:50 ----AC---- C:\WINDOWS\system32\iedkcs32.dll

2008-12-20 19:46:49 ----AC---- C:\WINDOWS\system32\ieapfltr.dll

2008-12-20 19:46:48 ----AC---- C:\WINDOWS\system32\ieaksie.dll

2008-12-20 19:46:48 ----AC---- C:\WINDOWS\system32\ieakeng.dll

2008-12-20 19:46:48 ----AC---- C:\WINDOWS\system32\icardie.dll

2008-12-20 19:46:48 ----AC---- C:\WINDOWS\system32\extmgr.dll

2008-12-20 19:46:48 ----AC---- C:\WINDOWS\system32\dxtrans.dll

2008-12-20 19:46:47 ----AC---- C:\WINDOWS\system32\dxtmsft.dll

2008-12-20 19:46:47 ----AC---- C:\WINDOWS\system32\advpack.dll

2008-12-19 06:14:21 ----AC---- C:\WINDOWS\system32\ie4uinit.exe

2008-12-19 06:10:15 ----AC---- C:\WINDOWS\system32\ieudinit.exe

2008-12-19 02:23:56 ----AC---- C:\WINDOWS\system32\ieakui.dll

2008-12-11 10:13:21 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Adobe

2008-12-11 10:12:37 ----DC---- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-12-11 10:12:37 ----DC---- C:\Arquivos de programas\Adobe

2008-12-08 13:30:47 ----DC---- C:\Arquivos de programas\Java

2008-12-02 06:41:31 ----DC---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2007-12-17 12480]

R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2007-12-17 19232]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

S3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2007-12-17 22304]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 DkLogger;SafeNet Log Service; C:\WINDOWS\system32\dklog.exe [2007-09-13 106496]

R2 DkTknSrv;SafeNet Token Service; C:\WINDOWS\system32\dkcktkn.exe [2007-09-13 737280]

R2 DkVcm;SafeNet Virtual Channel Monitor; C:\WINDOWS\system32\dkvcm.exe [2007-09-13 122880]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2008-10-24 52800]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 137200]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

 

-----------------EOF-----------------


- Download BankerFix and save it to the desktop;

 

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click bankerfix.exe;

● A message will appear saying that it will be downloaded over the internet;

● Click OK > OK. Press Enter and wait for the scan to finish;

● When the scan is finished, read the message on screen and press Enter again.

● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

 

Paste this log in your next reply, together with a new HijackThis log.

 

Delete the C:\LinhaDefensiva folder after pasting your log here.


 

Here it is:

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-02-25 - 14:04

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

Arquivo infectado detectado: C:\cleanup.bat

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:07, on 25/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9053 bytes


Delete the C:\LinhaDefensiva folder (if it still exists).

 

Go to the VirusTotal site. Copy the highlighted path below and paste it next to the button (image: arquivolp8.jpg). Click Enviar Arquivo (Send File) and wait.

 

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

Copy the link that appears next to the name Permalink, see the image:

(image: virustotalrt7.jpg)

 

Paste that link here.


 

Good morning!

 

Then it gives the following error: "0 bytes size received / Se ha recibido un archivo vacio"

 

And if I click on file, it opens the folder that the path refers to, but the file in question is not inside it.
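As an added example (not part of this thread and not a Linha Defensiva tool), here is a small Python script that does two things a helper would otherwise do by eye: it pulls the persistence entries (O2/O3/O4/O20/O23) out of HijackThis-style lines like the ones posted above and groups the ones that load from the GbPlugin folder, and it checks a file's existence, size and SHA-256 before it is sent to VirusTotal, which is exactly where the "0 bytes size received" error above comes from. The sample lines are copied from the HijackThis log in this thread; the files it hashes are constructed in a temporary directory; the function names are my own.

```python
"""Triage helper for HijackThis-style log lines (added example, not a forum tool).

It extracts persistence entries from a pasted log, groups those loading from a
given folder, and reports the state of a file before it is uploaded to an
online scanner, so a missing or 0-byte file is caught before the upload fails.
"""
import hashlib
import os
import re
import tempfile

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis sections that describe code loaded at logon or browser start.
PERSISTENCE_SECTIONS = {"O2", "O3", "O4", "O20", "O23"}
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# A Windows path ending in a PE-style extension; paths may contain spaces.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys))\b', re.IGNORECASE)


def parse_entries(log_text):
    """Return persistence entries as dicts: section, detail, path (None if no file)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group(1) not in PERSISTENCE_SECTIONS:
            continue
        detail = m.group(2)
        p = PATH_RE.search(detail)
        entries.append({"section": m.group(1), "detail": detail,
                        "path": p.group(1) if p else None})
    return entries


def entries_from_folder(entries, folder_fragment):
    """Entries whose path contains folder_fragment, ignoring case.

    Matching on the folder name rather than the full path also catches the
    8.3 short form (ARQUIV~1) and the upper-cased variant (GBPLUGIN) that
    appear in the same log for the same directory.
    """
    frag = folder_fragment.lower()
    return [e for e in entries if e["path"] and frag in e["path"].lower()]


def sample_status(path):
    """Describe a file before uploading it to a scanner such as VirusTotal.

    Returns {"status": "missing"} when the path does not exist, {"status":
    "empty", "size": 0} for a 0-byte file (the case reported in this thread,
    which the scanner rejects), otherwise the size and SHA-256, which can be
    looked up on the scanner before any upload is attempted.
    """
    if not os.path.isfile(path):
        return {"status": "missing"}
    size = os.path.getsize(path)
    if size == 0:
        return {"status": "empty", "size": 0}
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return {"status": "ok", "size": size, "sha256": digest.hexdigest()}


def demo_sample_statuses():
    """Exercise sample_status on constructed files: missing, empty and present."""
    workdir = tempfile.mkdtemp(prefix="triage-")
    empty = os.path.join(workdir, "empty.dll")
    open(empty, "wb").close()
    present = os.path.join(workdir, "present.dll")
    with open(present, "wb") as fh:
        fh.write(b"MZ constructed sample, not a real binary")
    return {
        "missing": sample_status(os.path.join(workdir, "nope.dll")),
        "empty": sample_status(empty),
        "present": sample_status(present),
    }


if __name__ == "__main__":
    for e in entries_from_folder(parse_entries(SAMPLE_LOG), "GbPlugin"):
        print(e["section"], e["path"])
    for name, st in demo_sample_statuses().items():
        print(name, st)
```

Run it on a real log by replacing SAMPLE_LOG with the pasted text; the folder filter is case-insensitive on purpose, because the same directory shows up as both ARQUIV~1\GbPlugin and ARQUIVOS DE PROGRAMAS\GBPLUGIN in the log above, and the three status values map directly onto what the scanner will accept.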


- Download OTListIt2 and save it to the desktop;

 

● Double-click OTListIt2.exe to run it;

● Check the "Scan All Users" option;

● Click the button (image: runscanbutton.png) and wait for the scan;

● Two logs will be generated in Notepad:

 

- OTListIt.txt <- this one will be open

- Extra.txt <- this one will be minimized.

 

Paste them in your next reply.


 

Here it is, but only the first one, because Extra.txt did not appear. I ran it twice thinking it might have disappeared, but it really did not appear.

 

OTListIt logfile created on: 02/03/2009 12:11:34 - Run 2

OTListIt2 by OldTimer - Version 2.0.3.2 Folder = C:\Documents and Settings\Administrador.OEM\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

958.42 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 46.53% Memory free

2.26 Gb Paging File | 1.73 Gb Available in Paging File | 76.67% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 18.64 Gb Total Space | 7.31 Gb Free Space | 39.21% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: AMABILE

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

 

========== Processes (SafeList) ==========

 

PRC - [2008/10/24 10:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2009/02/05 18:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009/02/05 18:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

PRC - [2008/12/08 13:31:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

PRC - [2007/09/13 14:17:40 | 00,253,952 | ---- | M] (SafeNet, Inc.) -- C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

PRC - [2007/07/05 05:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2007/09/13 14:27:14 | 00,450,560 | ---- | M] () -- C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

PRC - [2009/02/05 18:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

PRC - [2008/10/16 09:07:10 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/04/13 23:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Messenger\msmsgs.exe

PRC - [2007/09/13 14:15:06 | 00,106,496 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dklog.exe

PRC - [2007/09/13 14:21:16 | 00,122,880 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkvcm.exe

PRC - [2007/05/15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/12/08 13:30:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2006/10/31 03:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2007/09/13 14:17:04 | 00,737,280 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe

PRC - [2009/02/05 18:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/02/05 18:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008/04/13 23:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/13 23:21:10 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Outlook Express\msimn.exe

PRC - [2008/12/19 02:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

PRC - [2009/03/02 12:01:37 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador.OEM\Desktop\OTListIt2.exe

PRC - [2008/04/13 23:21:12 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/02/05 18:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2009/02/05 18:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009/02/05 18:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2009/02/05 18:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2007/09/13 14:15:06 | 00,106,496 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dklog.exe -- (DkLogger [Auto | Running])

SRV - [2007/09/13 14:17:04 | 00,737,280 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe -- (DkTknSrv [Auto | Running])

SRV - [2007/09/13 14:21:16 | 00,122,880 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkvcm.exe -- (DkVcm [Auto | Running])

SRV - [2008/10/24 10:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [unknown | Running])

SRV - [2009/01/07 07:32:05 | 00,137,200 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008/04/13 23:20:37 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2007/05/15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

SRV - [2008/12/08 13:30:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2007/05/08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2006/10/31 03:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

SRV - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services (SafeList) ==========

 

DRV - [2009/02/05 18:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

DRV - [2009/02/05 18:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009/02/05 18:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009/02/05 18:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009/02/05 18:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

DRV - [2009/02/05 18:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

DRV - [2008/09/09 09:56:34 | 00,031,048 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm [boot | Running])

DRV - [2008/04/13 13:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2004/06/21 14:40:48 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])

DRV - [2004/06/21 14:40:48 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

DRV - [2004/06/21 14:40:48 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])

DRV - [2007/12/17 10:34:16 | 00,012,480 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\DRIVERS\ikeyenum.sys -- (iKeyEnum [On_Demand | Running])

DRV - [2007/12/17 10:34:16 | 00,019,232 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\DRIVERS\ikeyifd.sys -- (iKeyIFD [On_Demand | Running])

DRV - [2007/05/15 15:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])

DRV - [2007/05/15 15:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [system | Running])

DRV - [2007/05/15 15:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [system | Running])

DRV - [2007/07/09 22:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2006/10/31 03:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006/06/28 06:38:56 | 00,105,088 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [boot | Running])

DRV - [2006/11/27 05:33:50 | 00,058,368 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])

DRV - [2006/11/27 05:33:54 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

DRV - [2001/10/28 12:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008/07/31 19:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007/12/17 10:34:16 | 00,022,304 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\DRIVERS\rnbtoken.sys -- (RnbToken [On_Demand | Stopped])

DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])

DRV - [2007/11/13 07:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://twitter.com/;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

O1 HOSTS File: (297948 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 10290 more lines...

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe ()

O4 - HKLM..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe (SafeNet, Inc.)

O4 - HKLM..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe (SafeNet, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab (Auth Class)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com.br/s/v/35.08/uploader2.cab (UploadListView Class)

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://www.wilsononline.com.br/includes/asp/arview2.cab (ActiveReports Viewer2)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game02.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab (GbPluginObj Class)

O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehabn.dll - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\DkWLNP: DllName - DkWLNP.dll - C:\WINDOWS\system32\DkWLNP.dll (SafeNet, Inc.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/12 18:47:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/03/02 12:01:30 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador.OEM\Desktop\OTListIt2.exe

[2009/02/19 10:48:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

[2009/02/19 10:48:22 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/02/19 10:45:12 | 00,004,654 | ---- | C] () -- C:\backup.reg

[2009/02/19 10:45:08 | 00,135,168 | ---- | C] () -- C:\zip.exe

[2009/02/19 10:45:08 | 00,019,286 | ---- | C] () -- C:\cleanup.exe

[2009/02/19 10:43:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador.OEM\Desktop\avenger

[2009/02/13 12:41:14 | 00,000,000 | ---D | C] -- C:\rsit

[2009/02/12 12:06:39 | 00,000,000 | ---D | C] -- C:\_OTMoveIt

[2009/02/11 14:48:32 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Desktop\LISTA DE CONTAINERS PARADOS 2008.xls

[2009/02/09 17:08:37 | 00,000,000 | ---D | C] -- C:\ComboFix

[2009/02/09 17:08:35 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12457.exe

[2009/02/09 11:48:45 | 00,000,000 | ---D | C] -- C:\HiJackThis

[2009/02/09 11:31:39 | 00,000,934 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Códigos de Barra - Comércio Exterior.lnk

[2009/02/09 11:31:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Códigos de Barra - Comércio Exterior

[2009/02/03 16:26:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2009/02/03 13:34:04 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk

[2009/02/03 13:34:03 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/02/03 13:33:59 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/02/03 13:33:55 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/02/03 13:33:48 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/02/03 13:33:47 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/02/03 13:33:47 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/02/03 13:33:46 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/02/03 13:33:46 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/02/03 13:32:31 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/02/03 13:32:31 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/02/03 13:11:18 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9679.exe

[2009/02/03 10:25:00 | 00,031,048 | ---- | C] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys

[2009/02/02 16:54:30 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF772.exe

[2009/02/02 16:46:44 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31989.exe

[2009/02/02 16:09:05 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24644.exe

[2009/02/02 16:08:20 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24491.exe

[2009/02/02 15:51:00 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21098.exe

[2009/02/02 15:43:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/02/02 15:43:47 | 00,261,856 | ---- | C] () -- C:\cmldr

[2009/02/02 15:43:40 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/02/02 15:40:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/02/02 15:40:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/02/02 15:40:18 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2009/02/02 15:40:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/02/02 15:40:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/02/02 15:40:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2009/02/02 15:40:18 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/02/02 15:40:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/02/02 15:40:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/02/02 15:40:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/02/02 15:40:06 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/02/02 15:40:01 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18939.exe

[2009/02/02 15:13:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang

[2009/02/02 10:20:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Malwarebytes

[2009/02/02 10:20:15 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/02/02 10:20:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/02/02 10:20:12 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/02/02 10:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

[2009/02/02 10:20:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/10/09 07:56:04 | 00,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

[2009/03/02 12:01:37 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador.OEM\Desktop\OTListIt2.exe

[2009/03/02 09:48:23 | 00,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/03/02 07:59:24 | 00,000,493 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2009/03/02 07:51:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/03/02 07:50:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/03/02 07:50:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/03/02 07:50:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/02/25 14:04:28 | 00,297,948 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/02/20 16:46:20 | 00,008,242 | ---- | M] () -- C:\WINDOWS\WDIC.INI

[2009/02/20 12:25:40 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/02/19 14:15:09 | 00,297,950 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090219-141524.backup

[2009/02/19 14:14:44 | 00,297,950 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090219-141509.backup

[2009/02/19 14:04:42 | 00,000,989 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Spybot - Search & Destroy.lnk

[2009/02/19 10:45:12 | 00,004,654 | ---- | M] () -- C:\backup.reg

[2009/02/19 10:45:08 | 00,135,168 | ---- | M] () -- C:\zip.exe

[2009/02/19 10:45:08 | 00,019,286 | ---- | M] () -- C:\cleanup.exe

[2009/02/16 07:48:07 | 00,347,294 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/02/16 07:48:06 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/02/16 07:48:06 | 00,049,586 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/02/16 07:48:06 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/02/16 07:48:03 | 00,759,962 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/02/13 10:54:19 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\Memorando Geral.doc

[2009/02/12 01:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/02/11 14:48:32 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\LISTA DE CONTAINERS PARADOS 2008.xls

[2009/02/10 17:01:43 | 00,292,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090219-141444.backup

[2009/02/10 17:01:14 | 00,292,838 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090210-180143.backup

[2009/02/09 17:08:24 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12457.exe

[2009/02/09 14:42:57 | 00,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/02/09 11:34:55 | 00,065,176 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/02/09 11:31:39 | 00,000,934 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Códigos de Barra - Comércio Exterior.lnk

[2009/02/05 18:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/02/05 18:08:19 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/02/05 18:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/02/05 18:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/02/05 18:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/02/05 18:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/02/05 18:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/02/05 18:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/02/05 18:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/02/03 17:04:03 | 00,292,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090210-180114.backup

[2009/02/03 16:30:22 | 00,292,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090203-180403.backup

[2009/02/03 16:30:15 | 00,292,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090203-173022.backup

[2009/02/03 16:26:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI

[2009/02/03 13:34:04 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk

[2009/02/03 13:10:29 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9679.exe

[2009/02/02 16:54:24 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF772.exe

[2009/02/02 16:46:28 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31989.exe

[2009/02/02 16:09:01 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24644.exe

[2009/02/02 16:08:14 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24491.exe

[2009/02/02 15:59:10 | 00,000,629 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/02/02 15:59:10 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/02/02 15:59:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/02/02 15:50:54 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21098.exe

[2009/02/02 15:39:54 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18939.exe

[2009/02/02 15:26:14 | 00,000,211 | ---- | M] () -- C:\Boot.bak

[2009/02/02 13:18:31 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\CCleaner.lnk

[2009/02/02 10:20:15 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:SummaryInformation

@Alternate Data Stream - 308 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

< End of report >


Run OTListIt2. Copy the content below (everything inside the code box) and paste it into the tool's Custom Scans/Fixes window:

 

:Processes
explorer.exe
:OTL
IPRC - [2008/10/24 10:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
SRV - [2008/10/24 10:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [Unknown | Running])
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab (GbPluginObj Class)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehabn.dll - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/02/19 10:48:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
[2009/02/19 10:48:22 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/02/19 10:45:12 | 00,004,654 | ---- | C] () -- C:\backup.reg
[2009/02/19 10:45:08 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009/02/19 10:45:08 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/02/19 10:43:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador.OEM\Desktop\avenger
[2009/02/13 12:41:14 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/12 12:06:39 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/03 13:11:18 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9679.exe
[2009/02/02 16:54:30 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF772.exe
[2009/02/02 16:46:44 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31989.exe
[2009/02/02 16:09:05 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24644.exe
[2009/02/02 16:08:20 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24491.exe
[2009/02/02 15:51:00 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21098.exe
[2009/02/02 15:40:06 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/02 15:40:01 | 00,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18939.exe
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/02/19 10:45:12 | 00,004,654 | ---- | M] () -- C:\backup.reg
[2009/02/19 10:45:08 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009/02/19 10:45:08 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/02/09 17:08:24 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12457.exe
[2009/02/03 13:10:29 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9679.exe
[2009/02/02 16:54:24 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF772.exe
[2009/02/02 16:46:28 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31989.exe
[2009/02/02 16:09:01 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24644.exe
[2009/02/02 16:08:14 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24491.exe
[2009/02/02 15:50:54 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21098.exe
[2009/02/02 15:39:54 | 00,400,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18939.exe
:Services
:Reg
:Files
C:\Arquivos de programas\GbPlugin
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Click the Run Fix button and wait until a new log is generated.

 

Post this log in your next reply.

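As an added example (it is not code from this thread, nor part of OTListIt2 or any OldTimer tool), the script below triages the O2/O3/O20/O28 lines of an OTL-style log like the one posted above. It flags entries whose target file or registry key no longer exists ("File not found", "Reg Error"), flags files that carry no company name, and groups every hook that points at the same module, which is the reasoning behind the fix script above removing the BHO, Winlogon\Notify and ShellExecuteHooks entries for gbieh.dll together. The sample lines are constructed to match the shape of the log above; the function and constant names (parse_otl, triage, SAMPLE_LOG, ...) are this example's own.

```python
# Added example, not part of the thread: triage OTListIt2-style log lines.
# SAMPLE_LOG is constructed from the shape of the log posted above; the
# function names here are the example's own, not OTL's.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)
"""

SECTION_RE = re.compile(r"^(O\d+)\s*-\s*")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# OTL prints the resolved on-disk path last (O20 lines print the raw DllName
# value first), so the last drive-letter path on a line is the module that loads.
PATH_RE = re.compile(r"[A-Za-z]:\\[^()\s][^()]*?\.(?:dll|exe|ocx|scr|sys)\b",
                     re.IGNORECASE)
# A trailing "(Company)" is the PE version-info company name; "()" means none.
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")
ORPHAN_MARKERS = ("File not found", "Reg Error")


@dataclass
class Entry:
    section: str
    clsid: Optional[str]
    path: Optional[str]      # lower-cased: Windows paths are case-insensitive
    vendor: Optional[str]    # None = no vendor field printed, "" = empty company
    orphan: bool             # registry points at a file or key that is gone
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O-section line; return None for anything else."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    clsid = CLSID_RE.search(line)
    paths = PATH_RE.findall(line)
    vendor = VENDOR_RE.search(line)
    return Entry(
        section=m.group(1),
        clsid=clsid.group(0).upper() if clsid else None,
        # Caveat: 8.3 short names (ARQUIV~1) are not expanded, so a short and
        # a long spelling of the same file would count as two modules.
        path=paths[-1].lower() if paths else None,
        vendor=vendor.group(1).strip() if vendor else None,
        orphan=any(marker in line for marker in ORPHAN_MARKERS),
        raw=line.strip(),
    )


def parse_otl(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Orphaned entries, files without a company name, and modules hooked
    from more than one persistence point (all of which must go together)."""
    orphans = [e for e in entries if e.orphan]
    no_vendor = [e for e in entries if e.vendor == "" and not e.orphan]
    by_module: Dict[str, List[str]] = {}
    for e in entries:
        if e.path:
            by_module.setdefault(e.path, []).append(e.section)
    multi_hook = {p: s for p, s in by_module.items() if len(s) > 1}
    return {"orphans": orphans, "no_vendor": no_vendor,
            "by_module": by_module, "multi_hook": multi_hook}


if __name__ == "__main__":
    rep = triage(parse_otl(SAMPLE_LOG))
    for e in rep["orphans"]:
        print("ORPHAN   ", e.section, e.clsid)
    for e in rep["no_vendor"]:
        print("NO VENDOR", e.section, e.path)
    for path, sections in rep["multi_hook"].items():
        print("MULTI    ", path, "<-", ", ".join(sections))
```

The grouping is the part worth keeping: on the sample input gbieh.dll shows up as a BHO (O2), a Winlogon\Notify DLL (O20) and a ShellExecuteHook (O28). Removing only the BHO would leave the module loading at every logon through the other two, which is why the fix script lists all three plus the service and the folder. The Run Fix output later in this thread also shows that the Winlogon\Notify keys and the DLLs could not be removed while Windows was running and were scheduled for the reboot, so a post-reboot log is the only way to confirm the removal actually happened.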

 

========== PROCESSES ==========

Process explorer.exe killed successfully!

========== OTLISTIT ==========

No active process named gbpsv.exe was found!

 

Service\Driver GbpSv not found.

File move failed. C:\Arquivos de programas\GbPlugin\gbpsv.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ not found.

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll unregistered successfully.

File move failed. C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540007}\ deleted successfully.

C:\Arquivos de programas\GbPlugin\gbiehabn.dll unregistered successfully.

File move failed. C:\Arquivos de programas\GbPlugin\gbiehabn.dll scheduled to be moved on reboot.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

Starting removal of ActiveX control {E37CB5F0-51F5-4395-A808-5FA49E399007}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E37CB5F0-51F5-4395-A808-5FA49E399007} \Contains\Files\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E37CB5F0-51F5-4395-A808-5FA49E399007} \DownloadInformation\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E37CB5F0-51F5-4395-A808-5FA49E399007} \ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399007}\ not found.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn\ scheduled to be deleted on reboot.

C:\Arquivos de programas\GbPlugin\gbiehabn.dll unregistered successfully.

File move failed. C:\Arquivos de programas\GbPlugin\gbiehabn.dll scheduled to be moved on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb\ scheduled to be deleted on reboot.

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll unregistered successfully.

File move failed. C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399007} deleted successfully.

Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399007}\ .

C:\Arquivos de programas\GbPlugin\gbiehabn.dll unregistered successfully.

File move failed. C:\Arquivos de programas\GbPlugin\gbiehabn.dll scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}\ not found.

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll unregistered successfully.

File move failed. C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll scheduled to be moved on reboot.

File C:\WINDOWS\System32\*.tmp not found.

File C:\WINDOWS\*.tmp not found.

Folder C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin not found.

Folder C:\Avenger not found.

C:\backup.reg moved successfully.

C:\zip.exe moved successfully.

C:\cleanup.exe moved successfully.

Folder C:\Documents and Settings\Administrador.OEM\Desktop\avenger not found.

Folder C:\rsit not found.

Folder C:\_OTMoveIt not found.

C:\WINDOWS\System32\CF9679.exe moved successfully.

C:\WINDOWS\System32\CF772.exe moved successfully.

C:\WINDOWS\System32\CF31989.exe moved successfully.

C:\WINDOWS\System32\CF24644.exe moved successfully.

C:\WINDOWS\System32\CF24491.exe moved successfully.

C:\WINDOWS\System32\CF21098.exe moved successfully.

Folder C:\Qoobox not found.

C:\WINDOWS\System32\CF18939.exe moved successfully.

File C:\WINDOWS\System32\*.tmp not found.

File C:\WINDOWS\*.tmp not found.

File C:\backup.reg not found.

File C:\zip.exe not found.

File C:\cleanup.exe not found.

C:\WINDOWS\System32\CF12457.exe moved successfully.

File C:\WINDOWS\System32\CF9679.exe not found.

File C:\WINDOWS\System32\CF772.exe not found.

File C:\WINDOWS\System32\CF31989.exe not found.

File C:\WINDOWS\System32\CF24644.exe not found.

File C:\WINDOWS\System32\CF24491.exe not found.

File C:\WINDOWS\System32\CF21098.exe not found.

File C:\WINDOWS\System32\CF18939.exe not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

Folder move failed. C:\Arquivos de programas\GbPlugin scheduled to be moved on reboot.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_29c.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f4.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTListIt2 by OldTimer - Version 2.0.3.2 log created on 03032009_165735

Please post a new OTListIt2 log.

OTListIt logfile created on: 04/03/2009 15:03:46 - Run 7

OTListIt2 by OldTimer - Version 2.0.3.2 Folder = C:\Documents and Settings\Administrador.OEM\Desktop\avenger

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

958.42 Mb Total Physical Memory | 495.77 Mb Available Physical Memory | 51.73% Memory free

2.26 Gb Paging File | 1.80 Gb Available in Paging File | 79.63% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 18.64 Gb Total Space | 7.25 Gb Free Space | 38.89% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: AMABILE

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

 

========== Processes (SafeList) ==========

 

PRC - [2008/10/24 10:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2008/04/13 23:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009/02/05 18:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009/02/05 18:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

PRC - [2008/12/08 13:31:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

PRC - [2007/07/05 05:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2007/09/13 14:27:14 | 00,450,560 | ---- | M] () -- C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

PRC - [2009/02/05 18:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

PRC - [2008/04/13 23:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Messenger\msmsgs.exe

PRC - [2007/09/13 14:15:06 | 00,106,496 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dklog.exe

PRC - [2007/09/13 14:21:16 | 00,122,880 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkvcm.exe

PRC - [2007/05/15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/12/08 13:30:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2006/10/31 03:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2007/09/13 14:17:04 | 00,737,280 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe

PRC - [2009/02/05 18:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/02/05 18:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008/04/13 23:21:10 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Outlook Express\msimn.exe

PRC - [2008/12/19 02:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

PRC - [2009/03/02 12:01:37 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador.OEM\Desktop\avenger\OTListIt2.exe

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/02/05 18:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2009/02/05 18:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009/02/05 18:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2009/02/05 18:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2007/09/13 14:15:06 | 00,106,496 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dklog.exe -- (DkLogger [Auto | Running])

SRV - [2007/09/13 14:17:04 | 00,737,280 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe -- (DkTknSrv [Auto | Running])

SRV - [2007/09/13 14:21:16 | 00,122,880 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\dkvcm.exe -- (DkVcm [Auto | Running])

SRV - [2008/10/24 10:58:20 | 00,052,800 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [unknown | Running])

SRV - [2009/01/07 07:32:05 | 00,137,200 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008/04/13 23:20:37 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2007/05/15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

SRV - [2008/12/08 13:30:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2007/05/08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2006/10/31 03:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

SRV - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services (SafeList) ==========

 

DRV - [2009/02/05 18:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

DRV - [2009/02/05 18:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009/02/05 18:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009/02/05 18:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009/02/05 18:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

DRV - [2009/02/05 18:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

DRV - [2008/09/09 09:56:34 | 00,031,048 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm [boot | Running])

DRV - [2008/04/13 13:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2004/06/21 14:40:48 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])

DRV - [2004/06/21 14:40:48 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

DRV - [2004/06/21 14:40:48 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])

DRV - [2007/12/17 10:34:16 | 00,012,480 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\DRIVERS\ikeyenum.sys -- (iKeyEnum [On_Demand | Running])

DRV - [2007/12/17 10:34:16 | 00,019,232 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\DRIVERS\ikeyifd.sys -- (iKeyIFD [On_Demand | Running])

DRV - [2007/05/15 15:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])

DRV - [2007/05/15 15:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [system | Running])

DRV - [2007/05/15 15:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [system | Running])

DRV - [2007/07/09 22:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2006/10/31 03:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006/06/28 06:38:56 | 00,105,088 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [boot | Running])

DRV - [2006/11/27 05:33:50 | 00,058,368 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])

DRV - [2006/11/27 05:33:54 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

DRV - [2001/10/28 12:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008/07/31 19:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007/12/17 10:34:16 | 00,022,304 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\DRIVERS\rnbtoken.sys -- (RnbToken [On_Demand | Stopped])

DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])

DRV - [2007/11/13 07:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://twitter.com/;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

O1 HOSTS File: (297948 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost


O1 - Hosts: 10290 more lines...

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe ()

O4 - HKLM..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe (SafeNet, Inc.)

O4 - HKLM..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe (SafeNet, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnce: [OTListIt] C:\Documents and Settings\Administrador.OEM\Desktop\avenger\OTListIt2.exe (OldTimer Tools)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab (Auth Class)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com.br/s/v/35.08/uploader2.cab (UploadListView Class)

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://www.wilsononline.com.br/includes/asp/arview2.cab (ActiveReports Viewer2)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game02.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab (GbPluginObj Class)

O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/12 18:47:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/03/03 16:56:31 | 00,000,000 | ---D | C] -- C:\_OTListIt

[2009/03/03 14:45:02 | 00,000,716 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk

[2009/03/03 14:44:54 | 00,000,000 | ---D | C] -- C:\Arquivos de Programas RFB

[2009/02/19 10:48:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

[2009/02/19 10:48:22 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/02/19 10:43:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador.OEM\Desktop\avenger

[2009/02/13 12:41:14 | 00,000,000 | ---D | C] -- C:\rsit

[2009/02/12 12:06:39 | 00,000,000 | ---D | C] -- C:\_OTMoveIt

[2009/02/09 17:08:37 | 00,000,000 | ---D | C] -- C:\ComboFix

[2009/02/09 11:48:45 | 00,000,000 | ---D | C] -- C:\HiJackThis

[2009/02/09 11:31:39 | 00,000,934 | ---- | C] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Códigos de Barra - Comércio Exterior.lnk

[2009/02/09 11:31:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Códigos de Barra - Comércio Exterior

[2009/02/03 16:26:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2009/02/03 13:34:04 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk

[2009/02/03 13:34:03 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/02/03 13:33:59 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/02/03 13:33:55 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/02/03 13:33:48 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/02/03 13:33:47 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/02/03 13:33:47 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/02/03 13:33:46 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/02/03 13:33:46 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/02/03 13:32:31 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/02/03 13:32:31 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/02/03 10:25:00 | 00,031,048 | ---- | C] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys

[2009/02/02 15:43:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/02/02 15:43:47 | 00,261,856 | ---- | C] () -- C:\cmldr

[2009/02/02 15:43:40 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/02/02 15:40:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/02/02 15:40:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/02/02 15:40:18 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2009/02/02 15:40:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/02/02 15:40:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/02/02 15:40:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2009/02/02 15:40:18 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/02/02 15:40:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/02/02 15:40:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/02/02 15:40:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/02/02 15:40:06 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/02/02 15:13:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/10/09 07:56:04 | 00,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

[2009/03/04 12:34:58 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/03/04 07:52:47 | 00,000,493 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2009/03/04 07:51:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/03/04 07:51:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/03/04 07:51:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/03/03 14:45:02 | 00,000,716 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk

[2009/03/03 07:50:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/03/02 09:48:23 | 00,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/02/25 14:04:28 | 00,297,948 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/02/20 16:46:20 | 00,008,242 | ---- | M] () -- C:\WINDOWS\WDIC.INI

[2009/02/20 12:25:40 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/02/19 14:15:09 | 00,297,950 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090219-141524.backup

[2009/02/19 14:14:44 | 00,297,950 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090219-141509.backup

[2009/02/19 14:04:42 | 00,000,989 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Spybot - Search & Destroy.lnk

[2009/02/16 07:48:07 | 00,347,294 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/02/16 07:48:06 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/02/16 07:48:06 | 00,049,586 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/02/16 07:48:06 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/02/16 07:48:03 | 00,759,962 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/02/13 10:54:19 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Meus documentos\Memorando Geral.doc

[2009/02/12 01:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/02/10 17:01:43 | 00,292,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090219-141444.backup

[2009/02/10 17:01:14 | 00,292,838 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090210-180143.backup

[2009/02/09 14:42:57 | 00,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/02/09 11:34:55 | 00,065,176 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/02/09 11:31:39 | 00,000,934 | ---- | M] () -- C:\Documents and Settings\Administrador.OEM\Desktop\Códigos de Barra - Comércio Exterior.lnk

[2009/02/05 18:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/02/05 18:08:19 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/02/05 18:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/02/05 18:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/02/05 18:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/02/05 18:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/02/05 18:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/02/05 18:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/02/05 18:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/02/03 17:04:03 | 00,292,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090210-180114.backup

[2009/02/03 16:30:22 | 00,292,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090203-180403.backup

[2009/02/03 16:30:15 | 00,292,696 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090203-173022.backup

[2009/02/03 16:26:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI

[2009/02/03 13:34:04 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk

[2009/02/02 15:59:10 | 00,000,629 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/02/02 15:59:10 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/02/02 15:59:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/02/02 15:26:14 | 00,000,211 | ---- | M] () -- C:\Boot.bak

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:SummaryInformation

@Alternate Data Stream - 308 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrador.OEM\Desktop\Departamento do Fundo da Marinha Mercante - Sistema Mercante.mht:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

< End of report >


OK, the log is clean.

- Download ToolsCleaner2 and save it to the desktop;

- Close all open windows and double-click the program icon to run it:

- Click the Recherche button to start the scan and wait:

- When the scan finishes, the items to be removed will be listed;

- Click the Suppression button to remove the items found, then click Quitter so the program closes and the log is generated;

- The log will be at C:\TCleaner.txt.

Paste this log in your next reply.

Note: the program will remove HijackThis.

How is the PC?


 

- Look, it's much better!!! Thank you very much!

 

 

[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

 

-->- Recherche:

 

C:\avenger.txt: trouvé !

C:\avenger: trouvé !

C:\Combofix: trouvé !

C:\HijackThis: trouvé !

C:\Qoobox: trouvé !

C:\_OtMoveIt: trouvé !

C:\Rsit: trouvé !

C:\ComboFix\Combofix.txt: trouvé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger: trouvé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\avenger.zip: trouvé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\avenger.exe: trouvé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\OTMoveIt3.exe: trouvé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\Rsit.exe: trouvé !

C:\HiJackThis\HijackThis.exe: trouvé !

C:\HiJackThis\hijackthis.log: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\avenger.zip: supprimé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\avenger.exe: supprimé !

C:\HiJackThis\HijackThis.exe: supprimé !

C:\avenger.txt: supprimé !

C:\ComboFix\Combofix.txt: supprimé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\OTMoveIt3.exe: supprimé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger\Rsit.exe: supprimé !

C:\HiJackThis\hijackthis.log: supprimé !

C:\avenger: supprimé !

C:\Combofix: supprimé !

C:\HijackThis: supprimé !

C:\Qoobox: supprimé !

C:\_OtMoveIt: supprimé !

C:\Rsit: supprimé !

C:\Documents and Settings\Administrador.OEM\Desktop\avenger: supprimé !


OK, delete ToolsCleaner2 and OTListIt2.

Disable and then re-enable System Restore.

I recommend cleaning the PC to remove invalid registry entries and temporary files.

- Download CCleaner Slim and save it to the desktop;

- Install the program normally;

- Open it and click Analyze > Run Cleaner;

- Next, click Registry > Scan for Issues > Fix selected Issues.

Note: when it asks whether you want to back up the registry entries, click Yes and do so.

Run a cleanup regularly with CCleaner.

The logs are OK. Any problems still?


 

My angel, thank you so much for all your patience!

For now everything is OK! I have one more PC that is giving me trouble; next week I start working on it and will probably have to turn to you all! I hope I get you! Thank you very much once again!


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
