[Resolvido!] Outra torre, outro problema: não consigo acessar pro

[morozetti 0]

Mandei essa torre para a assistência por possível problema elétrico: não ligava. Não foi constatada a fonte do problema, as peças foram lavadas e a assistência advertiu que se o problema voltasse a ocorrer poderia ser a placa-mãe e a solução seria trocá-la.

Agora possuo outro problema:

* A internet reinicia o tempo todo

* Às vezes tento acessar qualquer programa, o círculo de espera (equivalente a ampulheta) aparece mas nada acontece

* O pc parece estar mais devagar

Pode ser que esse seja um problema de hardware e que minha placa-mãe esteja mesmo "morrendo", mas por via das dúvidas estou postando um log do HijackThis para ter certeza que não é algum vírus.

Grata

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:23:22, on 4/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Arquivos de programas\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Arquivos de programas\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A73B8C64-8FA5-407E-A7A5-B039A3267437}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 5029 bytes

[Sam Spade 2]

Olá morozetti! O log apresnta uma entrada do adware ShopperReports, mas não causaria isso que relata.

 

• Abra o HijackThis e clique em Do a system scan only
  Aguarde o exame acabar.
  Cada entrada tem uma caixa do lado esquerdo.
  Marque apenas a caixa da entrada abaixo:
   
  O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
   
  Ficará com um sinal V dentro da caixa.
   
  Clique então em . Dê o Ok para a pergunta e depois feche o HijackThis.
  

Gere um novo log e poste. Faça uma limpeza nos temporários e corrija erros no Registro com o CCleaner.

 

Faça também uma desfragmentação do HD, que o desempenho do SO poderá melhorar.

[morozetti 0]

Fiz a limpeza com o CCleaner e desfragmentei o disco. Além dos problemas relacionados, esqueci de mencionar que a placa de rede fica sendo constantemente desativada sozinha.

 

Segue o log do HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:27:30, on 4/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Arquivos de programas\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Arquivos de programas\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A73B8C64-8FA5-407E-A7A5-B039A3267437}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 4982 bytes

[Sam Spade 2]

Olá, tudo indica ser mesmo problema de hardware. Veremos depois com um scan online se há alguma infecção que não apareceu no log.

 

A entrada não saiu. Selecione e copie o que está dentro do QUOTE. Abra o bloco de notas e cole o que copiou. Escolha Salvar destino como > nome do arquivo: SRFix.reg

 

Salve com o tipo: todos os arquivos. Salve na área de trabalho.

 

OBS: é importante que coloque o .reg (ponto reg) após o SRFix.

 

O arquivo deverá ficar com este ícone de Entradas de registro

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer

\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

 

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

 

[-HKEY_CLASSES_ROOT\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

 

[-HKEY_CLASSES_ROOT\TypeLib\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\1.0\HELPDIR]

Dê um duplo-clique no SRFix.reg. Aceite a incorporação ao registro.

 

Gere um novo log com o HijackThis. Faça um scan on line na Kaspersky

 

Acesse o site, clique em .

 

Obs: O site só funciona com o Internet Explorer.

 

Aceite o download do Java, depois clique em Accept para permitir a instalação do controle activeX, e quando terminar, clique em Run para permitir a execução do ActiveX.

O site atualizará a base de dados.

Clique em Settings para configurar o scan. Marque todas as opções e clique em Save para salvar as configurações.

Clique no botão Scan e selecione My Computer

 

É demorado, portanto, seja paciente.

 

Quando terminar, clique em Save Report As... para salvar o log.

 

Salve o resultado como .txt, segundo a imagem abaixo:

 

 

Poste o resultado da análise e o log do HijackThis.

[morozetti 0]

Desculpe a demora!

 

*

A entrada não saiu. Selecione e copie o que está dentro do QUOTE. Abra o bloco de notas e cole o que copiou. Escolha Salvar destino como > nome do arquivo: SRFix.reg

 

Salve com o tipo: todos os arquivos. Salve na área de trabalho.

 

OBS: é importante que coloque o .reg (ponto reg) após o SRFix.

 

O arquivo deverá ficar com este ícone de Entradas de registro

 

QUOTE

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer

\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

 

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

 

[-HKEY_CLASSES_ROOT\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

 

[-HKEY_CLASSES_ROOT\TypeLib\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\1.0\HELPDIR]

 

Dê um duplo-clique no SRFix.reg. Aceite a incorporação ao registro.

 

Feito!

 

* Não consigo abrir a página do Kaspersky, tentei abrir a página do AVG e do Avast e também não consegui.

* Não consegui atualizar o MSN.

 

Essas coisas aconteceram com o meu outro pc (abri um post neste fórum tb) e resolvi o problema semana passada... :ermm:

* Os pcs não estavam e não estão em rede

 

Log do HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:27:48, on 14/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Arquivos de programas\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Arquivos de programas\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A73B8C64-8FA5-407E-A7A5-B039A3267437}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 5148 bytes

[Sam Spade 2]

Olá, houve algum problema em criar o arquivo .reg?

[morozetti 0]

Não, criei o arquivo sem problemas.

[Sam Spade 2]

Ok, baixe: ComboFix > salve na área de trabalho

• Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.
  
• Dê um duplo-clique no combofix.exe e clique em Executar para prosseguir o Fix. Aguarde pois é um pouco demorado.
  
• O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
  
• Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  
• IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".
  
• Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta.
   
  OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)
  

 

O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

[morozetti 0]

Iniciei o ComboFix porém o pc reiniciou-se no meio do processo. Não mexi nem no teclado nem no mouse, não sei oq aconteceu... :upset:

[Sam Spade 2]

Reinicie o PC e aperte F8 intermitentemente. No menu escolha: modo seguro. Rode o ComboFix agora.

[morozetti 0]

Reiniciei em modo de segurança porém o ComboFix avisa que a proteção residente do Avast está ativada mas na verdade ela não está

[Sam Spade 2]

Repita em modo de segurança, só que vai iniciar o ComboFix da forma abaixo:

 

Vá em Iniciar > Executar e digite (ou copie e cole):

"%userprofile%\Desktop\Combofix.exe" /killall

 

Dê o OK. Aguarde o exame da ferramenta.

[morozetti 0]

Continua ocorrendo o mesmo problema. Não há outra ferramenta alternativa?

[Sam Spade 2]

Baixe -> Random's System Information Tool (RSIT), de random/random

Salve na sua área de trabalho.

Execute o RSIT.exe, e na janela que vai abrir, clique em Continue.

Quando terminar, dois blocos de notas serão abertos:

log.txt -> abrirá maximizado

info.txt -> abrirá minimizado.

 

Copie o conteúdo do arquivo info.txt e cole na sua resposta.

Anexe o arquivo log.txt

 

Uma cópia desses arquivos ficará salva na pasta C:\RSIT

 

Obs: Se o seu firewall alertar sobre o arquivo rsit.exe tentando se conectar, certifique-se de permitir (allow).

[morozetti 0]

* Não consegui acessar o site do RSIT por esse pc então dei download em outro pc para poder rodá-lo (não, não rodei no pc errado, hehe)

Aqui vão os Logs:

 

 

info.txt logfile of random's system information tool 1.06 2009-05-16 16:21:32

 

======Uninstall list======

 

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Atheros Communications Inc.® L2 Fast Ethernet Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\setup.exe" -l0x9 -removeonly

Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização para Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Atualização para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Atualização para Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Atualização para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Atualização para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Atualização para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Atualização para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Atualização para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Atualização para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Atualização para Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Atualização para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Atualização para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

AutoCAD 2008 - English-->C:\Arquivos de programas\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD

AutoCAD Civil 3D 2008-->C:\Arquivos de programas\AutoCAD Civil 3D 2008\Setup\Setup.exe /P {5783F2D7-6000-0409-0002-0060B0CE6BBA} /M C3D

Autodesk Design Review 2008-->MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}

Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}

Autodesk Vault 2008-->C:\Arquivos de programas\Autodesk\Vault 2008\Setup\setup.exe /p {E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097} /M VAULT

Autodesk Vault 2008-->MsiExec.exe /X{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}

avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CamView-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{BAB0B8EC-ED15-439D-A674-AAF2E43C789A}\Setup.exe" -l0x9 UNINSTALL

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

CEP - Color Enable Package-->"C:\ARQUIV~1\EAGAME~1\zCEP_Uninstaller\unins001.exe"

CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}

DivX Codec-->C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Arquivos de programas\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DWG TrueView 2007-->MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}

eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"

EVEREST Ultimate Edition v4.50-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"

Galeria de Fotos do Windows Live-->MsiExec.exe /X{839DE877-7F50-4EA5-9A57-8164157F540F}

getPlus®_dll-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Updater-->"C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe" -uninstall

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix para Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB921411)-->"C:\WINDOWS\$NtUninstallKB921411$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Customer Participation Program 9.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 9.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart All-In-One Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat

HP Photosmart Essential 2.01-->C:\Arquivos de programas\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

IRPF2008 Windows - Declaração de Ajuste Anual-->C:\ARQUIV~1\PROGRA~1\IRPF20~1\UNWISE.EXE C:\ARQUIV~1\PROGRA~1\IRPF20~1\INSTALL.LOG

IRPF2009 - Declaração de Ajuste Anual e Final de Espólio-->C:\ARQUIV~2\IRPF2009\UNWISE.EXE C:\ARQUIV~2\IRPF2009\INSTALL.LOG

iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

LG web_Camera-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Messenger-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6F6F4B70-1918-4182-9D28-C294345C5EB9}\setup.exe" -l0x9

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}

Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}

Motorola Phone Tools-->C:\Arquivos de programas\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly

Motorola PST-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything

Motorola Software Update-->MsiExec.exe /I{922D9CCA-4317-425F-9AA5-94829DF8BA6D}

Motorola Software Update-->MsiExec.exe /I{D523D985-7E7D-4A06-BEB6-3F49131A118C}

Mozilla Firefox (3.0.10)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Arquivos de programas\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0416 -removeonly

REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x416 REMOVE

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x416 -removeonly

Receitanet 2008-->C:\WINDOWS\DesinstRecnet.exe

Receitanet Java 2009.01a-->C:\ARQUIV~1\PROGRA~1\RECEIT~1\DesinstJ.exe

Recuva (remove only)-->"C:\Arquivos de programas\Recuva\uninst.exe"

Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}

Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

SimCity 4 Deluxe-->C:\Arquivos de programas\Maxis\SimCity 4 Deluxe\EAUninstall.exe

Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

Speedy-->C:\Arquivos de programas\Telefonica\Speedy\Uninstal.exe

TradeManager-->C:\ARQUIV~1\Alibaba\TRADEM~1\UNWISE.EXE C:\ARQUIV~1\Alibaba\TRADEM~1\INSTALL.LOG

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}

Utilitário de Reposição do iPod-->MsiExec.exe /X{20ED157B-1A84-4DF7-945E-4951A38A9CBA}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Arquivos de programas\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}

Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

 

=====HijackThis Backups=====

 

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [2009-02-03]

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-03]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local [2009-02-03]

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [2009-02-03]

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-02-03]

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-03]

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2009-02-03]

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing) [2009-02-03]

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-03]

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-02-03]

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-02-03]

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [2009-02-03]

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" [2009-02-03]

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot [2009-02-03]

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-02-03]

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab [2009-02-03]

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe [2009-02-03]

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZSfox000 [2009-02-03]

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE [2009-02-03]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime [2009-02-03]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2009-02-03]

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab [2009-02-03]

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab [2009-02-03]

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab [2009-02-03]

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...397/mcfscan.cab [2009-02-03]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL [2009-02-03]

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-03]

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-02-03]

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-02-03]

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-02-03]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local [2009-02-03]

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-02-03]

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-02-03]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2009-02-03]

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab [2009-02-03]

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab [2009-02-03]

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab [2009-02-03]

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) [2009-02-03]

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) [2009-02-03]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-02-04]

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing) [2009-02-04]

O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Arquivos de programas\iLike\1.2.11\ilikesidebar.exe /checkforupdate (User 'SYSTEM') [2009-02-04]

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') [2009-02-04]

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing) [2009-02-04]

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-02-04]

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll [2009-02-04]

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04]

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll [2009-02-04]

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll [2009-05-04]

 

======Security center information======

 

AV: avast! antivirus 4.8.1335 [VPS 090516-0]

 

======System event log======

 

Computer Name: LINCOLN

Event Code: 20158

Message: O usuário morozetti@globo.com estabeleceu com êxito uma conexão a Girafa usando o dispositivo PPPoE6-0.

 

Record Number: 28782

Source Name: RemoteAccess

Time Written: 20090505023328.000000-180

Event Type: Informações

User:

 

Computer Name: LINCOLN

Event Code: 4201

Message: O sistema detectou que o adaptador de rede Realtek RTL8139 PCI Fast Ethernet Adapter foi conectado à rede

e iniciou uma operação normal no adaptador de rede.

 

Record Number: 28781

Source Name: Tcpip

Time Written: 20090505023318.000000-180

Event Type: Informações

User:

 

Computer Name: LINCOLN

Event Code: 20159

Message: A conexão com Girafa feita pelo usuário morozetti@globo.com, utilizando o dispositivo PPPoE6-0, foi desconectada.

 

Record Number: 28780

Source Name: RemoteAccess

Time Written: 20090505023316.000000-180

Event Type: Informações

User:

 

Computer Name: LINCOLN

Event Code: 20158

Message: O usuário morozetti@globo.com estabeleceu com êxito uma conexão a Girafa usando o dispositivo PPPoE6-0.

 

Record Number: 28779

Source Name: RemoteAccess

Time Written: 20090505023032.000000-180

Event Type: Informações

User:

 

Computer Name: LINCOLN

Event Code: 4201

Message: O sistema detectou que o adaptador de rede Realtek RTL8139 PCI Fast Ethernet Adapter foi conectado à rede

e iniciou uma operação normal no adaptador de rede.

 

Record Number: 28778

Source Name: Tcpip

Time Written: 20090505023021.000000-180

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: LINCOLN

Event Code: 0

Message:

Record Number: 9948

Source Name: iPod Service

Time Written: 20090221005737.000000-120

Event Type: Informações

User:

 

Computer Name: LINCOLN

Event Code: 1000

Message:

Record Number: 9947

Source Name: Windows Live Messenger

Time Written: 20090221005042.000000-120

Event Type: Erro

User:

 

Computer Name: LINCOLN

Event Code: 302

Message: msnmsgr (3144) \\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\giovanamorozetti@hotmail.com\SharingMetadata\Working\database_2294_718A_9471_60E9\dfsr.db: O mecanismo de banco de dados concluiu com êxito as etapas de recuperação.

 

Record Number: 9946

Source Name: ESENT

Time Written: 20090221005038.000000-120

Event Type: Informações

User:

 

Computer Name: LINCOLN

Event Code: 301

Message: msnmsgr (3144) \\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\giovanamorozetti@hotmail.com\SharingMetadata\Working\database_2294_718A_9471_60E9\dfsr.db: O mecanismo de banco de dados está reproduzindo novamente o arquivo de log \\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\giovanamorozetti@hotmail.com\SharingMetadata\Working\database_2294_718A_9471_60E9\fsr.log.

 

Record Number: 9945

Source Name: ESENT

Time Written: 20090221005037.000000-120

Event Type: Informações

User:

 

Computer Name: LINCOLN

Event Code: 300

Message: msnmsgr (3144) \\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\giovanamorozetti@hotmail.com\SharingMetadata\Working\database_2294_718A_9471_60E9\dfsr.db: O mecanismo de banco de dados está iniciando as etapas de recuperação.

 

Record Number: 9944

Source Name: ESENT

Time Written: 20090221005037.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Autodesk\DWG TrueView;C:\Arquivos de programas\QuickTime\QTSystem;C:\Arquivos de programas\Arquivos comuns\DivX Shared\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0409

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip

 

-----------------EOF-----------------

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrador at 2009-05-16 16:21:21

Microsoft Windows XP Professional Service Pack 2

System drive C: has 81 GB (81%) free of 100 GB

Total RAM: 2039 MB (76% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:21:28, on 16/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Administrador\Desktop\RSIT.exe

C:\Arquivos de programas\Trend Micro\HijackThis\Administrador.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 4686 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-03-25 271152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-04-30 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-30 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-11-04 413696]

"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-04-30 148888]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-03-25 271152]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\Alibaba\TradeManager\MultiMedia\AliViewer.exe"="C:\Arquivos de programas\Alibaba\TradeManager\MultiMedia\AliViewer.exe:*:Disabled:AliViewer Microsoft ???????"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Motorola\Software Update\msu.exe"="C:\Arquivos de programas\Motorola\Software Update\msu.exe:*:Disabled:msu"

"C:\Arquivos de programas\Alibaba\TradeManager\TradeManager.exe"="C:\Arquivos de programas\Alibaba\TradeManager\TradeManager.exe:*:Disabled:TradeManager"

"C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe"="C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b704b8-5431-11dd-9849-001fc6073133}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29e0da2a-3f2c-11de-ab85-00e020e02f00}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

 

======File associations======

 

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"

.scr - install -

.scr - config -

 

======List of files/folders created in the last 1 months======

 

2009-05-16 16:21:21 ----D---- C:\rsit

2009-05-14 21:44:47 ----D---- C:\Arquivos de programas\Arquivos comuns\DivX Shared

2009-05-14 19:15:41 ----D---- C:\ComboFix

2009-05-14 19:15:41 ----A---- C:\WINDOWS\system32\CF16950.exe

2009-05-14 15:22:05 ----A---- C:\WINDOWS\system32\CF3539.exe

2009-05-14 15:18:14 ----A---- C:\WINDOWS\ntbtlog.txt

2009-05-14 13:56:16 ----A---- C:\WINDOWS\PSEXESVC.EXE

2009-05-14 13:55:48 ----A---- C:\Boot.bak

2009-05-14 13:55:44 ----RASHD---- C:\cmdcons

2009-05-14 13:52:43 ----A---- C:\WINDOWS\system32\CF19258.exe

2009-05-10 23:20:45 ----D---- C:\Arquivos de programas\DAEMON Tools Lite

2009-05-10 23:17:57 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools

2009-05-01 08:56:22 ----D---- C:\WINDOWS\Sun

2009-04-30 19:47:35 ----A---- C:\WINDOWS\system32\javaws.exe

2009-04-30 19:47:35 ----A---- C:\WINDOWS\system32\javaw.exe

2009-04-30 19:47:35 ----A---- C:\WINDOWS\system32\java.exe

2009-04-30 19:47:35 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-04-30 19:45:03 ----D---- C:\Arquivos de programas\Java

2009-04-30 19:37:38 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Sun

2009-04-30 19:31:34 ----D---- C:\Arquivos de Programas RFB

2009-04-30 19:30:41 ----A---- C:\WINDOWS\system32\MSJCE.dll

 

======List of files/folders modified in the last 1 months======

 

2009-05-16 16:21:23 ----D---- C:\WINDOWS\Prefetch

2009-05-16 16:20:39 ----D---- C:\WINDOWS\Temp

2009-05-16 15:39:57 ----D---- C:\WINDOWS\system32\CatRoot2

2009-05-16 15:38:56 ----D---- C:\Arquivos de programas\Mozilla Firefox

2009-05-16 15:38:39 ----D---- C:\WINDOWS\system32

2009-05-16 15:38:04 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2009-05-16 15:38:04 ----AD---- C:\WINDOWS\system32\drivers

2009-05-16 14:28:08 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-05-16 02:23:56 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2009-05-15 23:27:16 ----SHD---- C:\WINDOWS\Installer

2009-05-15 23:27:16 ----RD---- C:\Arquivos de programas

2009-05-15 23:27:16 ----HD---- C:\Config.Msi

2009-05-15 17:38:27 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2009-05-15 16:00:04 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM

2009-05-14 21:45:41 ----D---- C:\Arquivos de programas\DivX

2009-05-14 21:44:47 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-05-14 17:50:08 ----A---- C:\WINDOWS\VFIND.exe

2009-05-14 15:45:41 ----D---- C:\Arquivos de programas\EA GAMES

2009-05-14 15:18:14 ----D---- C:\WINDOWS

2009-05-14 13:57:46 ----D---- C:\WINDOWS\Minidump

2009-05-14 13:55:48 ----RASH---- C:\boot.ini

2009-05-14 13:53:53 ----D---- C:\Qoobox

2009-05-10 23:58:17 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2009-05-02 20:39:00 ----D---- C:\Arquivos de programas\eMule

2009-05-02 19:29:56 ----D---- C:\MOmmy & Chuco

2009-05-02 14:36:44 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2009-05-02 14:35:20 ----D---- C:\Arquivos de programas\iTunes

2009-04-30 19:30:41 ----D---- C:\Arquivos de programas\Programas RFB

2009-04-27 18:19:06 ----D---- C:\Arquivos de programas\GbPlugin

2009-04-27 12:30:00 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-04-27 12:29:59 ----HD---- C:\WINDOWS\inf

2009-04-20 12:56:28 ----A---- C:\WINDOWS\NIRCMD.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-29 5851488]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\slnt.sys [2003-11-20 18004]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; \??\C:\WINDOWS\TEMP\6.tmp []

S3 anlsel8p;anlsel8p; C:\WINDOWS\system32\drivers\anlsel8p.sys []

S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-17 30720]

S3 BTCFilterService;USB Networking Driver Filter Service; C:\WINDOWS\system32\DRIVERS\motfilt.sys [2007-01-23 6016]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]

S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-04-06 26752]

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]

S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]

S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2007-11-02 6400]

S3 Motousbnet;Motorola USB Networking Driver Service; C:\WINDOWS\system32\DRIVERS\Motousbnet.sys [2008-03-03 23296]

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\ARQUIV~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []

S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]

S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 snpstd;LG Web_Camera; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-11-19 367488]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-03-25 52560]

R2 hpqddsvc;Serviço de Descoberta de dispositivos CUE HP; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-04-30 152984]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe [2008-08-04 85096]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S4 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-12-12 238888]

S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-20 654848]

S4 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-07 168432]

S4 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

S4 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S4 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]

 

-----------------EOF-----------------

[Sam Spade 2]

Olá, você está com uma infecção pelo worm conficker, malware de extrema dificuldade de remoção e que infectou o sistema através de um drive removível, segundo as entradas abaixo:

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b704b8-5431-11dd-9849-001fc6073133}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29e0da2a-3f2c-11de-ab85-00e020e02f00}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

Siga estas instruções:

 

O PenClean é uma ferramenta brasileira desenvolvida por Renato Mejias. Limpa e remove do pendrive e do computador as infecções mais comuns. Veja a lista das infecções removidas.

 

• Baixe o PenClean e salve no seu desktop.
  
• Execute o programa.
  
• Conecte os seus drives removíveis ao computador.
  
• Selecione a opção Verificar unidade, abra a caixa Unidade, escolha a letra onde o pendrive esta conectado. Marque a opçao Vacinar e clique no botão Verificar.
  <<Aguarde alguns instantes, o exame é bem rápido>>
  
• Será informado se algo foi encontrado, se for encontrado será pedido para reiniciar, clique em Sim. O computador será reiniciado.
  
• Um relatório sobre a execução será gerado e salvo em C:\PenClean\PenClean.txt
  
• Faça o mesmo procedimento para limpar outras unidades que possam estar infectadas.
   
  OBS: os drives removíveis incluem também celulares, MP3/MP4 players, câmeras digitais e outros que sirvam para armazenar dados.
  

Siga depois as instruções deste tópico:

 

Conficker Kido Downadup, instruções de remoção

 

Baixe novamente o ComboFix, salvando-o no desktop. Você deverá renomear o ComboFix.exe para algo como abcde.exe pois o conficker pode impedir de rodá-lo, o que provavelmente, aconteceu anteriormente.

 

Se conseguir rodá-lo, poste o ComboFix.txt.

[morozetti 0]

Desculpe a demora, mas tive que viajar e ainda não pude voltar pra casa. Peço para que não apaguem meu tópico ainda, acredito que dentro de 2 semanas volto a mexer no pc.

Poxa, é o segundo pc com a mesma infecção, com certeza está em algum removível mesmo, agora só terei o trabalho de descobrir qual. Uma vez vacinado o pendrive, há possibilidade de reinfecção?

[Sam Spade 2]

Sim, o conficker deve ter sido introduzido nos dois PCs por um drive removível. Para quem usa rede, ele também infecta as máquinas interligadas. O drive removível se estiver limpo e com a vacina do PenClean estará protegido. É recomendável que formate os seus drives removíveis antes de rodar o PenClean.

[morozetti 0]

* Consegui limpar um iPod e um celular com o penclean.

* Finalmente o ComboFix rodou. Aqui vai o log:

 

ComboFix 09-05-31.06 - Administrador 01/06/2009 23:39.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2039.1591 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\blaah.exe

AV: avast! antivirus 4.8.1335 [VPS 090601-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\ADMINI~1\CONFIG~1\Temp\tmp2.tmp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-02 to 2009-06-02 ))))))))))))))))))))))))))))

.

 

2009-06-02 02:31 . 2009-06-02 02:31 -------- d-s---w- C:\uhuu

2009-06-02 00:39 . 2009-06-02 00:56 -------- d-----w- C:\PenClean

2009-05-17 17:09 . 2009-05-18 13:57 -------- d-----w- C:\lgupload

2009-05-17 16:48 . 2009-05-17 16:48 -------- d-----w- c:\documents and settings\Daniela - Celular\200905171347_storage

2009-05-17 16:47 . 2009-05-17 16:57 -------- d-----w- c:\documents and settings\Daniela - Celular

2009-05-17 16:46 . 2009-05-17 16:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LG Electronics

2009-05-17 16:42 . 2009-05-17 16:42 -------- d-----w- c:\arquivos de programas\LG Electronics

2009-05-17 16:42 . 2007-07-11 18:51 19840 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys

2009-05-17 16:42 . 2007-07-11 13:45 21632 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys

2009-05-17 16:42 . 2007-07-11 13:40 12416 ----a-w- c:\windows\system32\drivers\lgusbbus.sys

2009-05-17 16:40 . 2009-05-17 16:41 -------- d-----w- c:\arquivos de programas\LG PC Suite 2

2009-05-16 19:21 . 2009-05-16 19:21 -------- d-----w- C:\rsit

2009-05-15 00:44 . 2009-05-15 00:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

2009-05-14 22:15 . 2009-06-02 02:21 -------- d-----w- C:\ComboFix

2009-05-14 16:56 . 2009-05-14 16:56 53248 ----a-w- c:\windows\PSEXESVC.EXE

2009-05-14 16:17 . 2009-05-14 16:17 398 ----a-w- c:\documents and settings\Administrador\SRFix.reg

2009-05-11 02:20 . 2009-05-11 02:20 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-05-11 02:18 . 2009-05-11 02:18 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-05-11 02:17 . 2009-05-11 02:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-02 02:37 . 2008-04-26 20:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-05-17 17:13 . 2008-04-28 23:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX

2009-05-17 16:43 . 2008-04-28 23:23 -------- d-----w- c:\arquivos de programas\DivX

2009-05-17 16:42 . 2008-04-14 19:47 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-05-16 05:23 . 2008-04-17 00:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-05-15 20:38 . 2008-04-15 02:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2009-05-15 19:00 . 2008-04-15 02:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-05-14 18:45 . 2008-04-15 00:13 -------- d-----w- c:\arquivos de programas\EA GAMES

2009-05-11 02:58 . 2008-07-21 00:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-05-02 23:39 . 2008-04-17 00:09 -------- d-----w- c:\arquivos de programas\eMule

2009-05-02 17:36 . 2008-04-20 17:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-05-02 17:35 . 2008-06-09 23:41 -------- d-----w- c:\arquivos de programas\iTunes

2009-04-30 22:45 . 2009-04-30 22:47 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-04-30 22:45 . 2009-04-30 22:45 -------- d-----w- c:\arquivos de programas\Java

2009-04-30 22:42 . 2009-04-30 22:42 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-30 22:31 . 2009-04-30 22:31 -------- d-----w- C:\Arquivos de Programas RFB

2009-04-30 22:30 . 2008-04-30 21:42 -------- d-----w- c:\arquivos de programas\Programas RFB

2009-04-27 21:19 . 2009-02-20 10:54 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-04-17 14:03 . 2009-04-30 22:30 69632 ----a-w- c:\windows\system32\MSJCE.dll

2009-03-25 14:36 . 2008-12-12 09:58 26320 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2004-03-11 16:27 . 2008-08-08 11:38 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\sfcfiles.dll

[-] 2008-04-04 17:26 1548288 BF426063723221B70ACCBDA3593C4EBC c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-11-04 413696]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-30 148888]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-04-28 180269]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehuni.dll" [2009-03-25 414624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Alibaba\\TradeManager\\MultiMedia\\AliViewer.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Motorola\\Software Update\\msu.exe"=

"c:\\Arquivos de programas\\Alibaba\\TradeManager\\TradeManager.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1867:TCP"= 1867:TCP:jgtbzme

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/2/2009 14:01 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2009 14:01 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/2/2009 07:54 52560]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [4/2/2009 11:45 18004]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/12/2008 06:58 26320]

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\6.tmp --> c:\windows\TEMP\6.tmp [?]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [30/7/2008 21:22 6016]

S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [4/2/2009 13:28 26752]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [30/7/2008 21:22 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [30/7/2008 21:22 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [30/7/2008 21:22 42112]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [30/7/2008 21:22 23296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-procexp90.Sys

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

Trusted Zone: bancobrasil.com.br\www2

TCP: {A73B8C64-8FA5-407E-A7A5-B039A3267437} = 200.204.0.10 200.204.0.138

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qbuz3tu1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxc&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=pt-br&FORM=MIMWA1&q=

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qbuz3tu1.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll

FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npww.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-01 23:44

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]

"ImagePath"="\??\c:\windows\TEMP\6.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(508)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GbPlugin\gbiehuni.dll

c:\arquivos de programas\Bonjour\mdnsNSP.dll

.

Tempo para conclusão: 2009-06-02 23:46

ComboFix-quarantined-files.txt 2009-06-02 02:45

ComboFix2.txt 2009-02-16 01:18

ComboFix3.txt 2009-02-04 14:17

 

Pré-execução: 28 pasta(s) 84.131.647.488 bytes disponíveis

Pós execução: 27 pasta(s) 84.930.355.200 bytes disponíveis

 

174 --- E O F --- 2008-09-11 00:05

 

Log do HijackThis atualizado:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:53:40, on 1/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A73B8C64-8FA5-407E-A7A5-B039A3267437}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 4942 bytes

[Sam Spade 2]

Olá, desculpe a demora mas o tempo apertou esses dias. O conficker continua no PC.

 

Baixe o Kaspersky AVP Tool

http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

 

Salve-o em sua área de trabalho.

 

Execute o arquivo e vá seguindo os prompts.

Quando terminar, marque a caixa ao lado de Meu Computador, e depois clique em Scan

 

Tenha paciência, é um pouco demorado.

 

Quando terminar, caso tenha detectado algo, o programa irá lhe perguntar o que fazer.

Clique em Skip (queremos apenas o log).

 

Obs: Talvez seja necessário clicar em Skip várias vezes, caso o programa encontre vários arquivos, portanto seja paciente.

 

Quando o programa exibir a mensagem Scan Completed, clique na aba Events, desmarque a caixa de seleção "Show all events" e depois clique em "Save to file".

Salve o log em local de fácil acesso.

 

Baixe > GMER

 

Extraia os seus arquivos para o desktop.

 

Dê um duplo-clique no gmer.exe. Clique na aba Rootkit e depois no botão Scan.

 

IMPORTANTE: Não marque a caixa Show All.

 

Quando o scan acabar, clique em Copy para copiar o conteúdo para a área de transferência.

Abra o bloco de notas e cole o que copiou, e salve com o nome que desejar.

 

Copie e cole o conteúdo desse bloco de notas na sua resposta + o log do Kaspersky AVP Tool (não precisa colocar os Events deste log) + um novo ComboFix.txt (rode-o depois do GMER).

 

OBS: se não conseguir baixar alguma das ferramentas por não conseguir acessar o site, tente usando um Proxy, Acesse o site abaixo:

 

http://www.zend2.com/

 

Aí em Enter Url: cole o link que dei para baixar a ferramenta. Ex:

 

http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/