
Alisson Allan de Andrade

[Resolved] Hourglass won't stop blinking


Avast found nothing.

Thanks in advance.

The generated log is:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:45:20, on 28/3/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fb_inet_server.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\HijackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\AVAST Software\Avast\defs\12032701\Sf.bin

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bb.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: 88.80.5.187 bankline.itau.com.br

O1 - Hosts: 88.80.5.188 www.santandernet.com.br

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll (file missing)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eTMonitor] C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fb_inet_server.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8796 bytes


Hello Alisson Allan de Andrade

1.

*Download Repair Hosts File and save it to the desktop

*Run it.

*Click [start]

2.

*Download Bankerfix and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Click [OK] > [YES] (if it asks for an update) > [OK] > [ENTER]

*When it finishes, press [ENTER]

*Paste the report C:\LinhaDefensiva\relatorio.txt

3.

*Install MalwareBytes

*Wait for the update and the program will open automatically

*Select [Full scan]

*Click [Scan] and select the partition where Windows is installed (usually C:\)

*Click [Scan]

*When it finishes, click [OK] > [Show Results] > [Remove Selected]

*Paste the report that is displayed

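A check a reviewer could run over the `O1 - Hosts:` lines of a HijackThis or OTL log before and after the hosts-file repair requested above. This is an added example, not part of the original posts or of any tool named in the thread; the function names and the verdict labels (`local`, `redirect`, `malformed`) are assumptions made for the example, and the sample lines are quoted from the logs in this thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: O1 and O15 lines quoted from the logs in this thread.
SAMPLE_LOG = """\
O1 - Hosts: 88.80.5.187 bankline.itau.com.br
O1 - Hosts: 88.80.5.188 www.santandernet.com.br
O1 - Hosts: 127.0.0.1 localhost
O15 - Trusted Zone: www.bb.com.br
"""

# Matches the "O1 - Hosts: <address> <name> [<alias> ...]" lines that
# HijackThis and OTL print for each hosts-file entry.
O1_RE = re.compile(r"^O1\s*-\s*Hosts:\s*(\S+)\s+(.+?)\s*$")


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostnames: tuple
    verdict: str  # "local", "redirect" or "malformed" (labels are this example's own)


def classify(address):
    """Label a hosts-file address by where it sends traffic."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    # Loopback and 0.0.0.0 / :: entries keep traffic on the machine
    # (the default localhost line, or a blocklist entry).
    if ip.is_loopback or ip.is_unspecified:
        return "local"
    # Anything else pins the name to a fixed address and bypasses DNS.
    return "redirect"


def parse_o1_entries(log_text):
    """Return one HostsEntry per O1 hosts line found in the log text."""
    entries = []
    for raw in log_text.splitlines():
        match = O1_RE.match(raw.strip())
        if not match:
            continue
        address, rest = match.groups()
        # A hosts line may carry several aliases and a trailing comment.
        names = tuple(n.lower() for n in rest.split("#", 1)[0].split())
        if names:
            entries.append(HostsEntry(address, names, classify(address)))
    return entries


def redirected_hosts(log_text):
    """Map each hostname pinned to a non-local address to that address."""
    return {
        name: entry.address
        for entry in parse_o1_entries(log_text)
        if entry.verdict == "redirect"
        for name in entry.hostnames
    }


if __name__ == "__main__":
    for host, addr in sorted(redirected_hosts(SAMPLE_LOG).items()):
        print(f"review: {host} is pinned to {addr} in the hosts file")
```

Running the same function on the log taken after the repair should return an empty mapping if only the default `localhost` entry remains.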

BankerFix

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-03-28 - 12:45

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

 

----- Fim -------------------------

 

MalwareBytes

 

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.03.28.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Alisson Motos :: ALISSON_MOTOS_2 [administrador]

 

28/3/2012 13:09:15

log

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 217605

Tempo decorrido: 35 minuto(s), 14 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Nenhuma ação foi feita.

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)


1.

*Delete Repair Hosts File

2.

*Delete Bankerfix and the folder C:\LinhaDefensiva

3.

*Download SecurityCheck by screen317 and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Press [Enter] and paste the report that is displayed

4.

*Download OTL by Old_Timer and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Select:

Scan All Users

Skip Microsoft Files

Use Company Name Whitelist

Lop Check

Purity Check

*Click [Scan] and paste the OTL.txt and Extras.txt reports created on the desktop

*If the reports are large, go to this link

*Paste the OTL.txt report into the box below New Paste

*Under Paste Expiration select: 1 Day

*Click [submit]

*Type the letters and/or numbers that appear and click [submit]

*Paste the link

*Repeat the procedure for the Extras.txt report


Security Check

 

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Free Antivirus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 31

Adobe Flash Player 11.1.102.55

Mozilla Firefox (x86 pt-BR..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````

 

 

OTL

 

OTL logfile created on: 28/3/2012 16:55:49 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Alisson Motos\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1014,42 Mb Total Physical Memory | 406,08 Mb Available Physical Memory | 40,03% Memory free

2,38 Gb Paging File | 1,83 Gb Available in Paging File | 76,54% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,04 Gb Total Space | 134,41 Gb Free Space | 90,18% Space Free | Partition Type: NTFS

 

Computer Name: ALISSON_MOTOS_2 | User Name: Alisson Motos | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/03/28 16:43:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alisson Motos\Desktop\OTL.exe

PRC - [2012/03/23 09:24:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2012/03/21 09:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

PRC - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

PRC - [2011/09/06 17:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe

PRC - [2011/09/06 17:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/02/01 08:29:32 | 002,752,512 | ---- | M] (Firebird Project) -- C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fb_inet_server.exe

PRC - [2009/11/12 12:48:56 | 000,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/05 15:27:14 | 000,221,184 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe

PRC - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/08/07 08:29:22 | 000,065,536 | ---- | M] () -- C:\WINDOWS\BisonCam\BisonHK.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/03/28 05:16:02 | 001,751,040 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\12032801\algo.dll

MOD - [2012/03/27 10:49:57 | 000,572,128 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\12032801\Sf.bin

MOD - [2012/03/27 09:47:27 | 001,749,504 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\12032701\algo.dll

MOD - [2012/03/21 09:21:12 | 000,429,040 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll

MOD - [2012/03/21 09:21:11 | 003,772,912 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\pdf.dll

MOD - [2012/03/21 09:19:37 | 000,122,880 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\avutil-51.dll

MOD - [2012/03/21 09:19:35 | 000,220,672 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\avformat-53.dll

MOD - [2012/03/21 09:19:34 | 001,747,456 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\avcodec-53.dll

MOD - [2012/03/21 04:44:18 | 008,593,056 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\gcswf32.dll

MOD - [2012/01/03 08:45:08 | 000,016,832 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2009/11/12 12:48:56 | 000,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll

MOD - [2009/02/27 17:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2008/03/29 03:42:20 | 000,159,744 | ---- | M] () -- C:\Arquivos de programas\Essentials Codec Pack\Haali\mmfinfo.dll

MOD - [2008/03/29 03:41:52 | 000,023,552 | ---- | M] () -- C:\Arquivos de programas\Essentials Codec Pack\Haali\mkunicode.dll

MOD - [2007/08/07 08:29:22 | 000,065,536 | ---- | M] () -- C:\WINDOWS\BisonCam\BisonHK.exe

MOD - [2007/08/07 05:47:38 | 000,024,576 | ---- | M] () -- C:\WINDOWS\BisonCam\KBHookDLL.dll

MOD - [2007/03/29 15:11:10 | 000,217,088 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\QtXml4.dll

MOD - [2007/03/27 20:06:46 | 000,131,072 | R--- | M] () -- C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\plugins\imageformats\qjpeg1.dll

MOD - [2007/03/27 20:04:00 | 005,529,600 | R--- | M] () -- C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\QtGui4.dll

MOD - [2007/03/27 20:04:00 | 001,466,368 | R--- | M] () -- C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\QtCore4.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/09/06 17:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/02/01 08:29:32 | 002,752,512 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fb_inet_server.exe -- (FirebirdServerDefaultInstance)

SRV - [2009/11/12 12:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss_acdrv.sys -- (SS_ACdrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/03/28 11:10:03 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)

DRV - [2012/03/28 11:10:03 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)

DRV - [2012/03/09 08:25:34 | 000,046,152 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2011/09/06 17:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 17:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 17:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 17:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 17:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/09/06 17:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/09/06 17:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2008/04/18 00:33:00 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/01/04 06:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/09/11 16:43:16 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksifdh.sys -- (AKSIFDH)

DRV - [2007/09/11 16:43:16 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksup.sys -- (AKSUP)

DRV - [2007/09/11 16:43:16 | 000,012,456 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eTSCFLT.sys -- (eTSCFLT)

DRV - [2006/11/08 16:00:10 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006/11/08 15:59:36 | 000,257,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2006/11/08 15:59:30 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2002/10/01 03:43:32 | 000,119,798 | R--- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561) ICatch (VI)

DRV - [2001/08/17 18:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bb.com.br/

IE - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..\SearchScopes\{07F0A056-7A66-4CDC-ABC3-9369F98C0262}: "URL" = http://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta=

IE - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"

FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.3.2

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2

FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\BrowserPlusPlugins\2298520904397accd70db0fb38279b6b\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF [2011/09/13 12:58:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\components [2011/09/30 12:17:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\plugins [2012/01/16 08:22:40 | 000,000,000 | ---D | M]

 

[2010/01/09 15:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Extensions

[2010/01/09 15:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

[2012/01/16 08:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Firefox\Profiles\ba8u4fsg.default\extensions

[2011/05/31 09:28:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Firefox\Profiles\ba8u4fsg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/10/25 13:15:52 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco do Brasil) -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Firefox\Profiles\ba8u4fsg.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2012/01/16 08:13:02 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Firefox\Profiles\ba8u4fsg.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

[2011/04/12 12:02:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Firefox\Profiles\ba8u4fsg.default\extensions\engine@conduit.com

[2011/03/25 11:30:00 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Mozilla\Firefox\Profiles\ba8u4fsg.default\searchplugins\conduit.xml

[2011/09/13 12:58:46 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\ARQUIVOS DE PROGRAMAS\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/03/20 16:53:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/05/05 11:31:40 | 000,000,000 | ---D | M] (Orbit Downloader Firefox Integration) -- C:\ARQUIVOS DE PROGRAMAS\ORBITDOWNLOADER\ADDONS\ORBITFF

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\17.0.963.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\BrowserPlusPlugins\2298520904397accd70db0fb38279b6b\npybrowserplus_2.9.8.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Documents and Settings\Alisson Motos\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Alisson Motos\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Alisson Motos\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

CHR - Extension: Gmail = C:\Documents and Settings\Alisson Motos\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/03/28 12:47:47 | 000,000,849 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - No CLSID value found.

O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll File not found

O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll File not found

O3 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

O3 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast] C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe ()

O4 - HKLM..\Run: [eTMonitor] C:\Arquivos de programas\Arquivos comuns\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.176.2.10 200.176.2.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E59198A6-6A9C-461D-9FD0-C07FAEB2C98F}: DhcpNameServer = 200.176.2.10 200.176.2.12

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1078081533-1757981266-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Alisson Motos\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alisson Motos\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/04/03 08:31:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4e37bc30-22fd-11df-8c23-001fe2320569}\Shell - "" = AutoRun

O33 - MountPoints2\{4e37bc30-22fd-11df-8c23-001fe2320569}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{4e37bc33-22fd-11df-8c23-001fe2320569}\Shell - "" = AutoRun

O33 - MountPoints2\{4e37bc33-22fd-11df-8c23-001fe2320569}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{7e97afb3-6530-11e1-8fb8-001fe2320569}\Shell\AutoRun\command - "" = J:\Setup_Bloggie.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/03/28 16:43:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alisson Motos\Desktop\OTL.exe

[2012/03/28 12:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Malwarebytes

[2012/03/28 12:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

[2012/03/28 12:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2012/03/28 12:52:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/28 12:52:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2012/03/28 12:43:40 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2012/03/28 12:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alisson Motos\Desktop\Tweaking.com - Repair Hosts File

[2012/03/28 11:12:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/03/28 09:40:11 | 000,000,000 | ---D | C] -- C:\HijackThis

[2012/03/27 18:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474

[2012/03/27 18:39:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 4.0

[2012/03/27 17:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Firebird 2.1 (Win32)

[2012/03/27 17:52:22 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Firebird

[2012/03/27 17:52:20 | 001,028,096 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll

[2012/03/27 17:52:20 | 000,196,608 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll

[2012/03/27 17:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\CarSales

[2012/03/27 17:52:18 | 000,462,848 | ---- | C] (IBPhoenix) -- C:\WINDOWS\System32\Firebird2Control.cpl

[2012/03/27 17:52:18 | 000,450,560 | ---- | C] (Firebird Project) -- C:\WINDOWS\System32\GDS32.DLL

[2012/03/27 17:52:13 | 000,564,736 | ---- | C] (ZPM Automação Comercial) -- C:\WINDOWS\System32\DLLG2.dll

[2012/03/27 17:52:13 | 000,450,560 | ---- | C] (Firebird Project) -- C:\WINDOWS\System32\fbclientd21.dll

[2012/03/27 17:52:13 | 000,450,560 | ---- | C] (Firebird Project) -- C:\WINDOWS\System32\fbclient.dll

[2012/03/27 17:52:13 | 000,000,000 | ---D | C] -- C:\CarSales

[2012/03/20 16:55:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

File not found -- C:\Documents and Settings\Alisson Motos\Desktop\Vale a pena abrir. . . é lindo!!.pps

File not found -- C:\Documents and Settings\Alisson Motos\Desktop\Mulher tira atençao de qualquer um 003.wmv

File not found -- C:\Documents and Settings\Alisson Motos\Desktop\Impressora em 3D revoluçao na impressao.wmv

[2012/03/28 17:02:56 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F8CAB7A-D860-41D8-9C09-5F9283EBA57B}.job

[2012/03/28 16:43:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alisson Motos\Desktop\OTL.exe

[2012/03/28 16:43:21 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Desktop\SecurityCheck.exe

[2012/03/28 16:29:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/28 13:46:32 | 000,002,974 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Desktop\log Malware

[2012/03/28 12:52:52 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/28 12:47:47 | 000,000,849 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/03/28 12:43:40 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2012/03/28 12:40:46 | 000,456,902 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Desktop\RepairHostsFile.exe

[2012/03/28 11:33:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2012/03/28 11:10:23 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/28 11:10:03 | 000,028,880 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\GbpNdisrd.sys

[2012/03/28 11:09:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/28 10:00:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/03/28 09:10:04 | 000,425,072 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2012/03/28 09:10:04 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/28 09:10:04 | 000,067,232 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2012/03/28 09:10:04 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/28 09:04:46 | 000,444,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/27 17:52:19 | 000,000,522 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Desktop\CarSales.lnk

[2012/03/26 09:26:32 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/09 08:25:34 | 000,046,152 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys

[2012/03/07 17:11:38 | 000,279,402 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Meus documentos\boleto gsm.pdf

[2012/03/02 15:33:47 | 000,554,278 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Desktop\Piscina noite.jpg

[2012/02/28 11:54:32 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Alisson Motos\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

File not found -- C:\Documents and Settings\Alisson Motos\Desktop\Vale a pena abrir. . . é lindo!!.pps

File not found -- C:\Documents and Settings\Alisson Motos\Desktop\Mulher tira atençao de qualquer um 003.wmv

File not found -- C:\Documents and Settings\Alisson Motos\Desktop\Impressora em 3D revoluçao na impressao.wmv

[2012/03/28 16:43:10 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Alisson Motos\Desktop\SecurityCheck.exe

[2012/03/28 13:46:31 | 000,002,974 | ---- | C] () -- C:\Documents and Settings\Alisson Motos\Desktop\log Malware

[2012/03/28 12:52:52 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/28 12:40:39 | 000,456,902 | ---- | C] () -- C:\Documents and Settings\Alisson Motos\Desktop\RepairHostsFile.exe

[2012/03/27 18:50:51 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job

[2012/03/27 17:52:19 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\Alisson Motos\Desktop\CarSales.lnk

[2012/03/27 17:52:13 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL50.dll

[2012/03/27 09:38:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/03/27 09:38:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/03/07 17:11:36 | 000,279,402 | ---- | C] () -- C:\Documents and Settings\Alisson Motos\Meus documentos\boleto gsm.pdf

[2012/03/02 09:07:50 | 000,554,278 | ---- | C] () -- C:\Documents and Settings\Alisson Motos\Desktop\Piscina noite.jpg

[2011/06/21 11:01:14 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\CertUtilFF.exe

[2011/06/21 11:01:13 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\GBPErase.sys.off

[2010/07/15 13:31:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2010/04/22 09:39:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI

 

========== LOP Check ==========

 

[2011/03/10 19:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Canneverbe Limited

[2010/01/23 12:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Canneverbe_Limited

[2009/04/08 17:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Foxit

[2009/04/07 13:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\GrabPro

[2009/10/20 12:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Image Zone Express

[2012/03/27 10:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alisson Motos\Dados de aplicativos\Orbit

[2012/03/27 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2011/07/15 15:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software

[2010/01/23 12:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Canneverbe Limited

[2011/08/10 14:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas

[2010/04/19 13:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2012/03/28 17:02:56 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F8CAB7A-D860-41D8-9C09-5F9283EBA57B}.job

[2012/03/28 11:33:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

 

< End of report >

 

I think this one was missing:

 

Extras.txt

 

 

OTL Extras logfile created on: 28/3/2012 16:55:49 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Alisson Motos\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1014,42 Mb Total Physical Memory | 406,08 Mb Available Physical Memory | 40,03% Memory free

2,38 Gb Paging File | 1,83 Gb Available in Paging File | 76,54% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,04 Gb Total Space | 134,41 Gb Free Space | 90,18% Space Free | Partition Type: NTFS

 

Computer Name: ALISSON_MOTOS_2 | User Name: Alisson Motos | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe" = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe" = C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype

"C:\Arquivos de programas\LimeWire\LimeWire.exe" = C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire

"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\WINDOWS\system32\1301390620\wininit.exe" = C:\WINDOWS\system32\1301390620\wininit.exe:*:Enabled:GoSv3

"C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\CarSales\Recursos\ConectaStb.exe" = C:\CarSales\Recursos\ConectaStb.exe:*:Enabled:ConectaStb.exe

"C:\CarSales\Recursos\Suporte.exe" = C:\CarSales\Recursos\Suporte.exe:*:Enabled:Suporte.exe

"C:\CarSales\CarSales.exe" = C:\CarSales\CarSales.exe:*:Enabled:CarSales.exe -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000416-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{2146B7E6-FC1C-4230-9952-E9CA2260AA08}" = eToken PKI Client 4.55

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{5AB0B30D-4EBF-4897-894A-6B8865954694}" = Bison WebCam Ap

"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6FBA74BD-149F-4521-B921-FFCC84876864}" = Assistente de Instalação Certisign

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb

"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1046-7B44-A95000000001}" = Adobe Reader 9.5.0 - Português

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{B4C4CBBB-A7FF-4581-B7EC-A501781ADCA3}" = Gerenciador de Certificados Digitais - Certisign

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc

"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential

"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant

"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A

"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help

"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Ask Toolbar_is1" = Foxit Toolbar

"avast" = avast! Free Antivirus

"CarSales_is1" = CarSales 2.0

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_207C14F1" = Soft Voice SoftRing Modem with SmartSP

"CutePDF Writer Installation" = CutePDF Writer 2.8

"DirectVobSub" = DirectVobSub (remove only)

"DVD Shrink_is1" = DVD Shrink 3.2

"FBDBServer_2_1_is1" = Firebird 2.1.4.18393 (Win32)

"Formulario para Protesto_is1" = Formulario para Protesto Versão 1.0

"Foxit Reader" = Foxit Reader

"Google Chrome" = Google Chrome

"GPBe - GUIA POSTAL BRASILEIRO ELETRÔNICO®_is1" = GPBe - GUIA POSTAL BRASILEIRO ELETRÔNICO® 2009

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 6.1

"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox 7.0.1 (x86 pt-BR)" = Mozilla Firefox 7.0.1 (x86 pt-BR)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Orbit_is1" = Orbit Downloader

"The KMPlayer" = The KMPlayer (remove only)

"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3b

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Emissor de Nota Fiscal Eletrônica (NF-e) 2.0" = Emissor de Nota Fiscal Eletrônica (NF-e) 2.0

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 20/3/2012 08:34:04 | Computer Name = ALISSON_MOTOS_2 | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Os dados são inválidos.

 

Error - 20/3/2012 08:34:05 | Computer Name = ALISSON_MOTOS_2 | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Os dados são inválidos.

 

Error - 20/3/2012 12:31:44 | Computer Name = ALISSON_MOTOS_2 | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Os dados são inválidos.

 

Error - 21/3/2012 08:15:02 | Computer Name = ALISSON_MOTOS_2 | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha ntdll.dll, versão 5.1.2600.5512, endereço com falha 0x00012e63.

 

Error - 22/3/2012 09:45:20 | Computer Name = ALISSON_MOTOS_2 | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha aswwebrepie.dll, versão 6.0.1289.0, endereço com falha 0x00010270.

 

Error - 28/3/2012 08:06:19 | Computer Name = ALISSON_MOTOS_2 | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Os dados são inválidos.

 

Error - 28/3/2012 08:06:19 | Computer Name = ALISSON_MOTOS_2 | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Os dados são inválidos.

 

Error - 28/3/2012 08:06:20 | Computer Name = ALISSON_MOTOS_2 | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Os dados são inválidos.

 

Error - 28/3/2012 10:11:02 | Computer Name = ALISSON_MOTOS_2 | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Os dados são inválidos.

 

Error - 28/3/2012 12:07:27 | Computer Name = ALISSON_MOTOS_2 | Source = Application Error | ID = 1000

Description = Aplicativo com falha mbam.exe, versão 1.60.0.61, módulo com falha

ntdll.dll, versão 5.1.2600.6055, endereço com falha 0x00011295.

 

[ System Events ]

Error - 28/3/2012 09:00:21 | Computer Name = ALISSON_MOTOS_2 | Source = NtServicePack | ID = 921877

Description = Falha na instalação do Windows XP KB959426. Erro interno.

 

Error - 28/3/2012 09:00:24 | Computer Name = ALISSON_MOTOS_2 | Source = Windows Update Agent | ID = 20

Description = Falha na Instalação: o Windows não pôde instalar a seguinte atualização

com o erro 0x80070643: Atualização de segurança para o Flash Player (KB923789).

 

Error - 28/3/2012 09:00:24 | Computer Name = ALISSON_MOTOS_2 | Source = Windows Update Agent | ID = 20

Description = Falha na Instalação: o Windows não pôde instalar a seguinte atualização

com o erro 0x8007054f: Atualização de Segurança para Windows XP (KB959426).

 

Error - 28/3/2012 09:51:45 | Computer Name = ALISSON_MOTOS_2 | Source = Windows Update Agent | ID = 20

Description = Falha na Instalação: o Windows não pôde instalar a seguinte atualização

com o erro 0x80070643: Atualização de segurança para o Flash Player (KB923789).

 

Error - 28/3/2012 09:52:04 | Computer Name = ALISSON_MOTOS_2 | Source = NtServicePack | ID = 921883

Description = Falha na instalação do Windows XP do Hotfix do KB959426. A Instalação

do KB959426 não foi concluída.

 

Error - 28/3/2012 10:10:03 | Computer Name = ALISSON_MOTOS_2 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 28/3/2012 10:49:08 | Computer Name = ALISSON_MOTOS_2 | Source = BROWSER | ID = 8032

Description = O serviço localizador não pôde recuperar a lista de backup muitas

vezes no transporte \Device\NetBT_Tcpip_{E59198A6-6A9C-461D-9FD0-C07FAEB2C98F}. O

localizador reserva está finalizando.

 

Error - 28/3/2012 12:15:22 | Computer Name = ALISSON_MOTOS_2 | Source = SideBySide | ID = 16842784

Description = Não foi possível encontrar Assembly dependente Microsoft.VC80.MFCLOC

e o último erro foi A montagem a que foi feita referência não está instalada no

sistema.

 

Error - 28/3/2012 12:15:22 | Computer Name = ALISSON_MOTOS_2 | Source = SideBySide | ID = 16842811

Description = Falha de Resolve Partial Assembly para Microsoft.VC80.MFCLOC. Mensagem

de erro de referência: A montagem a que foi feita referência não está instalada

no sistema. .

 

Error - 28/3/2012 12:15:22 | Computer Name = ALISSON_MOTOS_2 | Source = SideBySide | ID = 16842811

Description = Falha de Generate Activation Context para C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL.

Mensagem

de erro de referência: A operação foi concluída com êxito. .

 

 

< End of report >


Temporarily disable Avast and let us know whether the problem continues.

Right-click the Avast icon next to the clock > select "Pause resident protection" ("Pausar a proteção residente") > OK.


wings, sorry to butt into the thread, but I have already been through this.. :thumbsup:

I managed to solve this problem; the service that is causing it is Avast's "SF.BIN".

SOLUTION:

Click resident modules, then file modules, then advanced settings, sensitivity, and uncheck the option to use code emulation.

Link below:

http://forum.avast.com/index.php?topic=88376.0


1.

*Delete SecurityCheck

2.

*Run OTL and click [Limpeza] (Cleanup) > [OK]

*The PC will restart

3.

*Follow our friend Edvan's instructions

Thanks for the tip, Edvan...:)

Best wishes to you, Alisson Allan de Andrade


Dear friend "Asas",

I want to thank you for your patience and dedication.

It was not your problem, and you committed yourself to solving it.

It is people like this who make greater a country that has been making itself so small.

THANK YOU VERY MUCH!

Best wishes,

Alisson

Dear friend Edvan,

I also want to thank you for the timely intrusion. It saved us a good deal of time.

Warm regards,

Alisson


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
