Malware And Pop-up Windows


7 replies to this topic

#1 fabiomelo


Posted 11 April 2008 - 07:17 PM

I'm experiencing lots of pop-ups and the system is really slow; when I log in, the computer gets unresponsive... please help.

Deckard's System Scanner v20071014.68
Run by Fabio Santos on 2008-04-11 19:52:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-04-11 22:52:59 UTC - RP204 - Deckard's System Scanner Restore Point
51: 2008-04-11 22:13:40 UTC - RP203 - Software Distribution Service 3.0
50: 2008-04-11 16:49:08 UTC - RP202 - Software Distribution Service 3.0
49: 2008-04-11 14:53:38 UTC - RP201 - Software Distribution Service 3.0
48: 2008-04-11 12:20:24 UTC - RP200 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-09 14:52:36 UTC - RP153 - Ponto de verificação do sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-11 20:02:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Arquivos de programasWindows DefenderMsMpEng.exe
C:WINDOWSsystem32svchost.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008TPSrv.exe
C:WINDOWSsystem32svchost.exe
C:Arquivos de programasLavasoftAd-Aware 2007aawservice.exe
C:Arquivos de programasGbPlugingbpsv.exe
C:WINDOWSsystem32spoolsv.exe
C:Arquivos de programasBonjourmDNSResponder.exe
C:Arquivos de programasBelkinBluetooth Softwarebinbtwdins.exe
C:Arquivos de programasArquivos comunsPortrait DisplaysSharedDTSRVC.exe
C:WINDOWSsystem32E_S00RP1.EXE
C:WINDOWSsystem32eTSrv.exe
C:Arquivos de programasArquivos comunsLightScribeLSSrvc.exe
C:Arquivos de programasArquivos comunsMicrosoft SharedVS7DEBUGMDM.EXE
C:Arquivos de programasNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32nvsvc32.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008PsCtrlS.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008PAVFNSVR.EXE
C:Arquivos de programasArquivos comunsPanda SoftwarePavShldPavPrSrv.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008PAVSRV51.EXE
C:Arquivos de programasPanda SecurityPanda Internet Security 2008AVENGINE.EXE
C:Arquivos de programasPanda SecurityPanda Internet Security 2008AntiSpampskmssvc.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008FIREWALLPSHost.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008PsImSvc.exe
C:WINDOWSsystem32RioMSC.exe
C:WINDOWSsystem32svchost.exe
C:Arquivos de programasViewpointCommonViewpointService.exe
C:Arquivos de programasVonoSoftfone VonoSystemVono Manager.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32taskmgr.exe
C:WINDOWSSOUNDMAN.EXE
C:Arquivos de programasJavajre1.6.0_05binjusched.exe
C:Arquivos de programasScreenPrint32 v3ScreenPrint32.exe
C:Arquivos de programasViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSsystem32spooldriversw32x863E_FATIABL.EXE
C:Arquivos de programasAutomatic UpdateAutoUpdate.exe
C:Arquivos de programasGoogleGmail Notifiergnotify.exe
C:WINDOWSsystem32spooldriversw32x863E_FATIABL.EXE
C:WINDOWSvsnpstd.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008apvxdwin.exe
C:WINDOWSsystem32eTCrtMng.exe
C:WINDOWSsystem32aetcrss1.exe
C:Arquivos de programasWindows DefenderMSASCui.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSNoSleep.exe
C:Arquivos de programasiTunesiTunesHelper.exe
C:Arquivos de programasArquivos comunsRealUpdate_OBrealsched.exe
C:Arquivos de programasArquivos comunsPortrait DisplaysSharedHookManager.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32rundll32.exe
C:Arquivos de programasMicrosoft ActiveSyncwcescomm.exe
E:dss.exe
C:Arquivos de programasMicrosoft ActiveSyncrapimgr.exe
C:Arquivos de programasiPodbiniPodService.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008SrvLoad.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008WebProxy.exe
C:Arquivos de programasPanda SecurityPanda Internet Security 2008PavBckPT.exe
C:WINDOWSsystem32wuauclt.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.google.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.google.com/ie
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.google.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie
O1 - Hosts: 201.76.209.121 eastside.wjdomain.wj.com.br
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Arquivos de programasArquivos comunsAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {25921A31-8CDC-4F37-B6FF-99CCFF482F61} - (no file)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:Arquivos de programasScpadscpsssh2.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: WSOBHOObj Class - {4D0B671C-7F9A-4516-B4DB-D30F3A12EE26} - C:Arquivos de programasAladdineTokenWSOeTWSOBHO.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:Arquivos de programasGoogleWeb AcceleratorGoogleWebAccToolbar.dll
O2 - BHO: (no name) - {72DF000D-FECF-4088-9FC2-8F34F81CDFD4} - C:WINDOWSsystem32tuvSmmlj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Arquivos de programasJavajre1.6.0_05binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Arquivos de programasArquivos comunsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {9163DEC6-1A7B-4100-935B-A0F967F3F291} - C:WINDOWSsystem32xxyayYol.dll
O2 - BHO: (no name) - {96F36639-0366-4D50-9A26-7DD70D1642AA} - C:WINDOWSsystem32khfGwWom.dll (file missing)
O2 - BHO: (no name) - {A7B05C2E-5ECE-49DD-9250-23AB14FA89DB} - (no file)
O2 - BHO: (no name) - {A8EEB996-62AA-4E48-995D-EADDCAC47476} - C:WINDOWSsystem32ljJBuvwu.dll
O2 - BHO: (no name) - {A937DE7C-8C02-4DDE-BEEC-E2F8459FA49C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Arquivos de programasGoogleGoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Arquivos de programasGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:Arquivos de programasGbPlugingbieh.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Arquivos de programasEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:Arquivos de programasEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Arquivos de programasGoogleGoogleToolbar4.dll
O3 - Toolbar: Web Sign On - {46832FF5-95B5-4654-88F4-7F5F37AD1FC2} - C:Arquivos de programasAladdineTokenWSOeTWSO.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:Arquivos de programasGoogleWeb AcceleratorGoogleWebAccToolbar.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NVMixerTray] "C:Arquivos de programasNVIDIA CorporationNvMixerNVMixerTray.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Arquivos de programasJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [ScreenPrint32] C:Arquivos de programasScreenPrint32 v3ScreenPrint32.exe -startup
O4 - HKLM..Run: [PowerS] C:WINDOWSPowerS.exe
O4 - HKLM..Run: [ISUSPM Startup] "C:Arquivos de programasArquivos comunsInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Arquivos de programasArquivos comunsInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [Ink Monitor] C:Arquivos de programasEPSONInk MonitorInkMonitor.exe
O4 - HKLM..Run: [EPSON Stylus C87 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB002" /M "Stylus C87"
O4 - HKLM..Run: [AutoUpdate] C:Arquivos de programasAutomatic UpdateAutoUpdate.exe
O4 - HKLM..Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:Arquivos de programasGoogleGmail Notifiergnotify.exe
O4 - HKLM..Run: [EPSON Stylus C87 Series (cópia 1)] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABL.EXE /P33 "EPSON Stylus C87 Series (cópia 1)" /O6 "USB003" /M "Stylus C87"
O4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [eTCertManger] C:WINDOWSsystem32eTCrtMng.exe
O4 - HKLM..Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM..Run: [Windows Defender] "C:Arquivos de programasWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [DT LGE] C:Arquivos de programasPortrait DisplaysforteManagerDTHtml.exe -startup_folder
O4 - HKLM..Run: [NoSleep_NewSoft] C:WINDOWSNoSleep.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Arquivos de programasAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Arquivos de programasQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Arquivos de programasiTunesiTunesHelper.exe"
O4 - HKLM..Run: [TkBellExe] "C:Arquivos de programasArquivos comunsRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [NeroFilterCheck] C:Arquivos de programasArquivos comunsNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Arquivos de programasNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [Flashget] C:Arquivos de programasFlashGetFlashGet.exe /min
O4 - HKLM..Run: [APVXDWIN] "C:Arquivos de programasPanda SecurityPanda Internet Security 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [SCANINICIO] "C:Arquivos de programasPanda SecurityPanda Internet Security 2008Inicio.exe"
O4 - HKLM..Run: [c4ee3562] rundll32.exe "C:WINDOWSsystem32bjvunlys.dll",b
O4 - HKCU..Run: [H/PC Connection Agent] "C:Arquivos de programasMicrosoft ActiveSyncwcescomm.exe"
O4 - HKCU..Run: [EPSON Stylus C87 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU"
O4 - HKCU..Run: [Skype] "C:Arquivos de programasSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [updateMgr] "C:Arquivos de programasAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU..Run: [swg] C:Arquivos de programasGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [ProxyWay] C:Arquivos de programasProxyWayproxyway.exe
O4 - HKCU..Run: [XdriveTrayIcon] "C:Arquivos de programasXdriveXdrive DesktopXdriveTray.exe"
O4 - HKCU..Run: [XdriveTray] "xdrive.exe" /trayicon
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:ARQUIV~1ARQUIV~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:ARQUIV~1ARQUIV~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:Arquivos de programasArquivos comunsAdobeCalibrationAdobe Gamma Loader.exe
O4 - Startup: BrOffice.org 2.0.lnk = C:Arquivos de programasBrOffice.org 2.0programquickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = C:Arquivos de programasCMS PeripheralsBounceBack ExpressBBLauncher.exe
O4 - Global Startup: BTTray.lnk = C:Arquivos de programasBelkinBluetooth SoftwareBTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:Arquivos de programasMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:Arquivos de programasGoogleWeb AcceleratorGoogleWebAccWarden.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:ARQUIV~1MICROS~3Office10EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:Arquivos de programasAnalogXBitPumpieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Arquivos de programasJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Arquivos de programasJavajre1.6.0_05binssv.dll
O9 - Extra button: Web Sign On - {1A69BF73-60DD-49b7-9251-F7A7D7070940} - (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:Arquivos de programasMicrosoft ActiveSyncINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Arquivos de programasMicrosoft ActiveSyncINetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Arquivos de programasMicrosoft ActiveSyncINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Arquivos de programasBelkinBluetooth Softwarebtsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Arquivos de programasBelkinBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Arquivos de programasMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Arquivos de programasMessengermsmsgs.exe
O15 - Trusted Zone: http://amadeusproweb.com (HKLM)
O15 - ProtocolDefaults: Unknown 'hsp' protocol is in Internet Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'x-hsp' protocol is in Internet Zone (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...20025019,1,3000
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://eastside.wjdomain.wj.com.br/qp2.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://60.248.39.146:1025/RtspVaPgDec.cab
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} () - http://www.xdrive.com/downloads/std_install/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5DB05CB8-7751-469D-A1DD-45C8C201C013} (Blender 3D Plug-in Active X Control) - http://download.blender.org/release/plugin...der3DPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120276223093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.26.downloads.estara.co...669187OneCC.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180755667281
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} (PDM Plugin2) - http://queens.wjdomain.wj.com.br:10038/wps...ts/DMPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {A9975532-CED9-45DA-AB04-8C03FDFFA09F} (Eucatex.Eucatex1) - http://www.eucatex.com.br/eucatex/Decorado...adorCliente.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/playe...5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D7959311-BFA5-11D4-AC33-0050DA92CB80} (VRmallViewer Class) - http://www.humandream.com/VRmall/Release/VRmall.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://genzyme.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://68.15.12.110:8012/user/TSBnwCam.CAB
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O17 - HKLMSYSTEMCCSServicesTcpip..{1D416A03-EE8C-43F2-B830-57CC43BD1FF7}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:Arquivos de programasArquivos comunsMicrosoft SharedWeb FoldersPKMCDO.DLL
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:WINDOWSsystem32eztoolslib.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:Arquivos de programasWindows LiveMessengermsgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:Arquivos de programasArquivos comunsMicrosoft SharedInformation RetrievalMSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:Arquivos de programasWindows LiveMessengermsgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:Arquivos de programasArquivos comunsMicrosoft SharedWeb Components10OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Arquivos de programasArquivos comunsSkypeSkype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:Arquivos de programasArquivos comunsMicrosoft SharedOFFICE11MSOXMLMF.DLL
O20 - Winlogon Notify: ljJBuvwu - C:WINDOWSsystem32ljJBuvwu.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:Arquivos de programasScpadscpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:Arquivos de programasScpadscpLIB.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Arquivos de programasLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:Arquivos de programasArquivos comunsAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Arquivos de programasBonjourmDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:Arquivos de programasBelkinBluetooth Softwarebinbtwdins.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:Arquivos de programasArquivos comunsPortrait DisplaysSharedDTSRVC.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:WINDOWSsystem32E_S00RP1.EXE
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:WINDOWSsystem32eTSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Arquivos de programasArquivos comunsMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:Arquivos de programasGbPlugingbpsv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Arquivos de programasGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Arquivos de programasArquivos comunsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:Arquivos de programasiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Arquivos de programasArquivos comunsLightScribeLSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:Arquivos de programasArquivos comunsMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:Arquivos de programasNeroNero8Nero
O23 - Service: NMIndexingService - Nero AG - C:Arquivos de programasArquivos comunsNeroLibNMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Arquivos de programasPanda SecurityPanda Internet Security 2008PsCtrlS.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:Arquivos de programasPanda SecurityPanda Internet Security 2008PAVFNSVR.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Arquivos de programasArquivos comunsPanda SoftwarePavShldPavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Arquivos de programasPanda SecurityPanda Internet Security 2008PAVSRV51.EXE
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:Arquivos de programasPanda SecurityPanda Internet Security 2008AntiSpampskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:Arquivos de programasPanda SecurityPanda Internet Security 2008FIREWALLPSHost.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Arquivos de programasPanda SecurityPanda Internet Security 2008PsImSvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:WINDOWSsystem32RioMSC.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007Win32RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007RpcSandraSrv.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:WINDOWSsystem32SAgent4.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:Arquivos de programasPanda SecurityPanda Internet Security 2008TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Arquivos de programasViewpointCommonViewpointService.exe
O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - C:Arquivos de programasVonoSoftfone VonoSystemVono Manager.exe


--
End of file - 26789 bytes

-- HijackThis Fixed Entries (E:backups) -------------------------------------

backup-20080411-193128-937 O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:WINDOWSsystem32SAgent4.exe

-- File Associations -----------------------------------------------------------

.js - JSFile - shellopencommand - C:ARQUIV~1PANDAS~1PANDAI~1PavScrip.exe "%1" %*
.vbs - VBSFile - shellopencommand - C:ARQUIV~1PANDAS~1PANDAI~1PavScrip.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Achernar (Achernar - SCSI Command Filters) - c:windowssystem32driversachernar.sys <Not Verified; NewSoft Technology Corporation; Achernar>
R0 acpispy (ACPI Spy CPU Filter Driver) - c:windowssystem32driversacpispy.sys <Not Verified; Advanced Micro Devices; AMD ACPI Spy CPU Filter Driver>
R0 giveio - c:windowssystem32giveio.sys
R0 speedfan - c:windowssystem32speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 amdtools (AMD Special Tools Driver) - c:windowssystem32driversamdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:windowssystem32driversbtserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:windowssystem32driversbtslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R2 portD (CMS PortIO Service) - c:windowssystem32driversportd2k.sys <Not Verified; CMS Peripherals, Inc.; BounceBack>
R2 Sentinel - c:windowssystem32driverssentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 Aldebaran (Aldebaran - SCSI Command Filters) - c:windowssystem32driversaldebaran.sys <Not Verified; NewSoft Technology Corporation; Aldebaran>
R3 AvFlt (Antivirus Filter Driver) - c:windowssystem32driversav5flt.sys (file missing)
R3 Eplpdx02 - c:windowssystem32driverseplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>
R3 NTIDrvr (Upper Class Filter Driver) - c:windowssystem32driversntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 PavSRK.sys - c:windowssystem32pavsrk.sys (file missing)
R3 PavTPK.sys - c:windowssystem32pavtpk.sys (file missing)
R3 pcouffin (VSO Software pcouffin) - c:windowssystem32driverspcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pdiddcci (DDC/CI monitor) - c:windowssystem32driverspdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
R3 pfc (Padus ASPI Shell) - c:windowssystem32driverspfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 BT878 (BtCap, WDM Video Capture) - c:windowssystem32driversbt878.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S2 DS1410D - c:windowssystem32driversds1410d.sys (file missing)
S3 EagleNT - c:windowssystem32driverseaglent.sys (file missing)
S3 ezplay (VSO Software ezplay) - c:windowssystem32driversezplay.sys <Not Verified; VSO Software; ezplay driver>
S3 P2k (Motorola USB Device) - c:windowssystem32driversp2k.sys (file missing)
S3 RimUsb (Dispositivo BlackBerry) - c:windowssystem32driversrimusb.sys (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:windowssystem32driverssntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 TridDev (Trident Device) - c:windowssystem32driverstriddev.sys <Not Verified; Trident Microsystem Inc.; TV Master>
S3 tridhid (tridhid - USB 2.0 HID Driver) - c:windowssystem32driverstridhid.sys <Not Verified; Trident Multimedia Technologies Co.,Ltd; TV Master>
S3 TridVid (PlayTV 405 Analog Video) - c:windowssystem32driverstridvid.sys <Not Verified; Trident Multimedia Technologies Co.,Ltd; TV Master>
S3 WINIO - c:arquivos de programasmediarecover advancedwinio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:arquivos de programasbonjourmdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:arquivos de programasarquivos comunsportrait displaysshareddtsrvc.exe
R2 ETOKSRV (eToken Notification Service) - c:windowssystem32etsrv.exe <Not Verified; Aladdin Knowledge Systems, Ltd.; eToken RTE>
R2 Nero BackItUp Scheduler 3 - c:arquivos de programasneronero8nero backitupnbservice.exe
R2 RioMSC (Rio MSC Manager) - c:windowssystem32riomsc.exe <Not Verified; Digital Networks North America, Inc.; Rio Mass Storage Class Device Manager>
R2 Viewpoint Manager Service - "c:arquivos de programasviewpointcommonviewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 Vono_Manager (Vono Manager) - "c:arquivos de programasvonosoftfone vonosystemvono manager.exe"

S3 FLEXnet Licensing Service - "c:arquivos de programasarquivos comunsmacrovision sharedflexnet publisherfnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 SandraDataSrv (Sandra Data Service) - c:arquivos de programassisoftwaresisoftware sandra lite 2007win32rpcdatasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2007 r3>
S3 SandraTheSrv (Sandra Service) - c:arquivos de programassisoftwaresisoftware sandra lite 2007rpcsandrasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2007 r3>

0


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-11 19:55:14 346 --ah----- C:WINDOWSTasksMP Scheduled Scan.job


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 13:55:05 0 d-------- C:WINDOWSsystem32pt-br
2008-04-11 13:26:38 86080 --a------ C:WINDOWSsystem32bjvunlys.dll
2008-04-11 13:23:34 3648 --a------ C:WINDOWSsystem32adycoymn.dll
2008-04-11 13:21:02 94784 --a------ C:WINDOWSsystem32ptxqruxb.dll
2008-04-11 11:53:57 0 d-------- C:3555bf56957c18e33242eef6592d
2008-04-10 16:24:33 277 --a------ C:WINDOWSsystem32PavCPL.dat
2008-04-10 16:24:24 258576 --a------ C:WINDOWSsystem32driversAPPFCONT.DAT
2008-04-10 16:23:06 0 d-------- C:WINDOWSsystem32PAV
2008-04-10 16:12:00 0 d-------- C:Arquivos de programasArquivos comunsPanda Software
2008-04-10 15:29:44 0 d-------- C:Arquivos de programasPanda Security
2008-04-10 11:26:34 86080 --a------ C:WINDOWSsystem32qhwmkita.dll
2008-04-10 11:23:34 3648 --a------ C:WINDOWSsystem32isdjpfdj.dll
2008-04-10 11:21:12 88640 --a------ C:WINDOWSsystem32kkvvrtab.dll
2008-04-10 11:20:33 183972 --ahs---- C:WINDOWSsystem32loYyayxx.ini2
2008-04-10 11:20:31 270848 --a------ C:WINDOWSsystem32xxyayYol.dll
2008-04-10 07:55:56 3648 --a------ C:WINDOWSsystem32pxvrvaxl.dll
2008-04-10 07:52:55 193212 --ahs---- C:WINDOWSsystem32moWwGfhk.ini2
2008-04-09 23:27:58 0 d-------- C:Arquivos de programasArquivos comunsSkype
2008-04-09 13:59:18 36352 --a------ C:WINDOWSsystem32ssqoolii.dll
2008-04-09 11:53:58 0 d-------- C:Arquivos de programasArquivos comunsNero
2008-04-09 11:52:23 47271 --ahs---- C:WINDOWSsystem32jlmmSvut.ini2
2008-04-09 11:46:52 36352 --a------ C:WINDOWSsystem32ljJBuvwu.dll
2008-04-09 11:27:42 16384 --a------ C:WINDOWSsystem32FileOps.exe
2008-04-07 14:45:35 0 d--hs--c- C:Arquivos de programasArquivos comunsWindowsLiveInstaller
2008-04-07 14:44:59 0 d-------- C:Arquivos de programasWindows Live
2008-04-07 11:33:52 98304 --a------ C:WINDOWSsystem32rsnpstd.dll <Not Verified; ; ResourceDLL>
2008-04-07 11:33:52 0 d-------- C:Arquivos de programasArquivos comunsVCAMEye
2008-03-31 09:01:39 0 d--hs---- C:WINDOWSCSC
2008-03-25 14:56:03 0 d-------- C:Arquivos de programasArquivos comunsxing shared
2008-03-25 14:55:12 0 d-------- C:Arquivos de programasArquivos comunsReal
2008-03-24 16:48:52 0 d-------- C:Documents and SettingsFabio Santos.ssh
2008-03-24 16:46:35 0 d-------- C:Documents and SettingsFabio Santos.nx
2008-03-24 12:14:11 0 d-------- C:Arquivos de programasSmartFTP Client 3.0 Setup Files
2008-03-15 13:33:38 0 d-------- C:Arquivos de programasBonjour
2008-03-15 13:25:04 0 d-------- C:Arquivos de programasArquivos comunsMacrovision Shared
2008-03-15 11:59:30 0 d-------- C:Arquivos de programasCrossFnt
2008-03-15 11:55:10 0 d-------- C:Arquivos de programasArquivos comunsFontLab
2008-03-15 11:55:09 0 d-------- C:Arquivos de programasFontLab
2008-03-15 11:49:01 0 d-------- C:Arquivos de programasAltsoft


-- Find3M Report ---------------------------------------------------------------

2008-04-11 19:55:58 437098 --a------ C:WINDOWSsystem32perfh016.dat
2008-04-11 19:55:58 72042 --a------ C:WINDOWSsystem32perfc016.dat
2008-04-11 19:12:34 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosskypePM
2008-04-11 19:12:33 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosSkype
2008-04-11 12:00:32 0 d-------- C:Arquivos de programashijack
2008-04-11 09:22:52 0 d-------- C:Arquivos de programasMicrosoft ActiveSync
2008-04-10 16:25:19 0 --a------ C:Documents and SettingsFabio SantosDados de aplicativos.googlewebacchosts
2008-04-10 16:23:04 0 d--h----- C:Arquivos de programasInstallShield Installation Information
2008-04-10 16:12:00 0 d-------- C:Arquivos de programasArquivos comuns
2008-04-10 12:40:45 0 d-------- C:Arquivos de programasRemote Queue Manager
2008-04-10 12:38:22 0 d-------- C:Arquivos de programasFlashGet
2008-04-09 14:31:14 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosuTorrent
2008-04-09 12:01:05 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosNero
2008-04-09 11:53:59 0 d-------- C:Arquivos de programasNero
2008-04-09 11:27:42 0 d-------- C:Arquivos de programasArquivos comunsAdobe
2008-04-07 15:18:51 3402 --a------ C:WINDOWSsystem32KGyGaAvL.sys
2008-04-06 13:16:07 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosAdobe
2008-04-06 11:24:20 55256 --a------ C:WINDOWSsystem32GDIPFONTCACHEV1.DAT
2008-04-06 11:21:35 0 d-------- C:Arquivos de programasZebraDesigner
2008-04-06 11:20:03 0 d-------- C:Arquivos de programasSSC Service Utility
2008-04-06 11:19:56 0 d-------- C:Arquivos de programasWebWriter3
2008-04-06 11:15:18 0 d-------- C:Arquivos de programasNewTech Infosystems
2008-04-06 11:10:24 0 d--h----- C:Arquivos de programasZero G Registry
2008-04-06 11:08:23 0 d-------- C:Arquivos de programasiWall 2.3.4
2008-04-06 11:07:28 0 d-------- C:Arquivos de programasHHD Software
2008-04-06 11:07:01 0 d-------- C:Arquivos de programasHaali
2008-04-06 11:05:54 0 d-------- C:Arquivos de programasBlueframe Web Trial
2008-04-06 11:05:35 0 d-------- C:Arquivos de programasVSO
2008-04-06 11:05:33 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosVso
2008-04-06 11:05:33 33 --a------ C:Documents and SettingsFabio SantosDados de aplicativosezplay.log
2008-04-06 11:05:32 94208 --a------ C:Documents and SettingsFabio SantosDados de aplicativosezplay.sys <Not Verified; VSO Software; ezplay driver>
2008-04-06 11:05:32 1104 --a------ C:Documents and SettingsFabio SantosDados de aplicativosezplay.inf
2008-04-06 11:05:32 7861 --a------ C:Documents and SettingsFabio SantosDados de aplicativosezplay.cat
2008-04-06 11:03:36 0 d-------- C:Arquivos de programasActiveState Komodo Edit 4.0
2008-04-03 22:50:52 56640 --a------ C:Documents and SettingsFabio SantosDados de aplicativosGDIPFONTCACHEV1.DAT
2008-04-03 09:08:03 0 d-------- C:Arquivos de programasJava
2008-03-31 00:01:53 0 d-------- C:Arquivos de programasSmartFTP Client
2008-03-25 14:59:09 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosReal
2008-03-10 23:02:28 0 d-------- C:Arquivos de programasiTunes
2008-03-10 23:02:19 0 d-------- C:Arquivos de programasiPod
2008-03-10 23:00:11 0 d-------- C:Arquivos de programasQuickTime
2008-03-07 12:44:36 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosPDM
2008-03-03 16:47:59 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosgtk-2.0
2008-03-03 10:29:36 0 d-------- C:Arquivos de programasProgramas RFB
2008-03-01 15:15:31 0 d-------- C:Documents and SettingsFabio SantosDados de aplicativosHeadwind SMS
2008-02-27 16:01:11 0 d-------- C:Arquivos de programasFunambol
2008-02-22 10:46:11 0 d-------- C:Arquivos de programasCyberLink
2008-02-22 10:40:06 0 d-------- C:Arquivos de programasffdshow
2008-02-22 10:23:53 16082 --a------ C:WINDOWSmozver.dat
2008-02-19 13:44:51 0 d-------- C:Arquivos de programasMozilla Thunderbird
2008-02-15 19:13:04 60273 -----n--- C:WINDOWSsystem32pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-02-15 19:13:04 7680 -----n--- C:WINDOWSsystem32ff_vfw.dll
2008-02-15 07:16:56 0 d-------- C:Arquivos de programasGbPlugin
2008-02-13 22:29:55 0 d-------- C:Arquivos de programasGoogle
2008-01-24 15:27:20 10431 --a------ C:Documents and SettingsFabio SantosDados de aplicativosunins000.dat
2008-01-24 15:26:31 683801 --a------ C:Documents and SettingsFabio SantosDados de aplicativosunins000.exe <Not Verified; ; Inno Setup>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{25921A31-8CDC-4F37-B6FF-99CCFF482F61}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{72DF000D-FECF-4088-9FC2-8F34F81CDFD4}]
C:WINDOWSsystem32tuvSmmlj.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{9163DEC6-1A7B-4100-935B-A0F967F3F291}]
10/04/2008 11:20 270848 --a------ C:WINDOWSsystem32xxyayYol.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{96F36639-0366-4D50-9A26-7DD70D1642AA}]
C:WINDOWSsystem32khfGwWom.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A7B05C2E-5ECE-49DD-9250-23AB14FA89DB}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A8EEB996-62AA-4E48-995D-EADDCAC47476}]
09/04/2008 11:46 36352 --a------ C:WINDOWSsystem32ljJBuvwu.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A937DE7C-8C02-4DDE-BEEC-E2F8459FA49C}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SoundMan"="SOUNDMAN.EXE" [18/06/2004 05:31 C:WINDOWSSOUNDMAN.EXE]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [29/06/2007 00:43]
"nwiz"="nwiz.exe" [29/06/2007 00:43 C:WINDOWSsystem32nwiz.exe]
"NVMixerTray"="C:Arquivos de programasNVIDIA CorporationNvMixerNVMixerTray.exe" [03/06/2004 20:51]
"SunJavaUpdateSched"="C:Arquivos de programasJavajre1.6.0_05binjusched.exe" [22/02/2008 04:25]
"ScreenPrint32"="C:Arquivos de programasScreenPrint32 v3ScreenPrint32.exe" [15/05/2003 20:36]
"PowerS"="C:WINDOWSPowerS.exe" []
"ISUSPM Startup"="C:Arquivos de programasArquivos comunsInstallShieldUpdateServiceisuspm.exe" [11/08/2005 16:30]
"ISUSScheduler"="C:Arquivos de programasArquivos comunsInstallShieldUpdateServiceissch.exe" [11/08/2005 16:30]
"Ink Monitor"="C:Arquivos de programasEPSONInk MonitorInkMonitor.exe" [05/05/2004 13:54]
"EPSON Stylus C87 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABL.exe" [27/01/2005 04:00]
"AutoUpdate"="C:Arquivos de programasAutomatic UpdateAutoUpdate.exe" [12/03/2003 14:32]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:Arquivos de programasGoogleGmail Notifiergnotify.exe" [15/07/2005 18:48]
"EPSON Stylus C87 Series (cópia 1)"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABL.exe" [27/01/2005 04:00]
"snpstd"="C:WINDOWSvsnpstd.exe" [10/06/2004 13:48]
"KernelFaultCheck"="C:WINDOWSsystem32dumprep 0 -k" []
"eTCertManger"="C:WINDOWSsystem32eTCrtMng.exe" [25/01/2006 15:03]
"CertificateRegistration"="aetcrss1.exe" [29/07/2005 16:15 C:WINDOWSsystem32aetcrss1.exe]
"Windows Defender"="C:Arquivos de programasWindows DefenderMSASCui.exe" [03/11/2006 18:20]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 04:45 C:WINDOWSsystem32bthprops.cpl]
"NvMediaCenter"="C:WINDOWSsystem32NvMcTray.dll" [29/06/2007 00:43]
"DT LGE"="C:Arquivos de programasPortrait DisplaysforteManagerDTHtml.exe" [12/06/2007 12:32]
"NoSleep_NewSoft"="C:WINDOWSNoSleep.exe" [17/08/2006 01:44]
"Adobe Reader Speed Launcher"="C:Arquivos de programasAdobeReader 8.0ReaderReader_sl.exe" [11/01/2008 21:16]
"QuickTime Task"="C:Arquivos de programasQuickTimeQTTask.exe" [31/01/2008 23:13]
"iTunesHelper"="C:Arquivos de programasiTunesiTunesHelper.exe" [19/02/2008 13:10]
"TkBellExe"="C:Arquivos de programasArquivos comunsRealUpdate_OBrealsched.exe" [25/03/2008 14:55]
"NeroFilterCheck"="C:Arquivos de programasArquivos comunsNeroLibNeroCheck.exe" [01/03/2007 14:57]
"NBKeyScan"="C:Arquivos de programasNeroNero8Nero BackItUpNBKeyScan.exe" [03/12/2007 14:21]
"Flashget"="C:Arquivos de programasFlashGetFlashGet.exe" []
"APVXDWIN"="C:Arquivos de programasPanda SecurityPanda Internet Security 2008APVXDWIN.exe" [23/11/2007 14:33]
"SCANINICIO"="C:Arquivos de programasPanda SecurityPanda Internet Security 2008Inicio.exe" [11/07/2007 14:17]
"c4ee3562"="C:WINDOWSsystem32bjvunlys.dll" [11/04/2008 13:26]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"H/PC Connection Agent"="C:Arquivos de programasMicrosoft ActiveSyncwcescomm.exe" [26/06/2006 16:13]
"EPSON Stylus C87 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABL.exe" [27/01/2005 04:00]
"Skype"="C:Arquivos de programasSkypePhoneSkype.exe" [01/02/2008 17:22]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [04/08/2004 04:45]
"eyeBeam SIP Client"="" []
"updateMgr"="C:Arquivos de programasAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" []
"swg"="C:Arquivos de programasGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [05/07/2007 12:20]
"ProxyWay"="C:Arquivos de programasProxyWayproxyway.exe" []
"XdriveTrayIcon"="C:Arquivos de programasXdriveXdrive DesktopXdriveTray.exe" []
"XdriveTray"="xdrive.exe" []

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"DWQueuedReporting"="C:ARQUIV~1ARQUIV~1MICROS~1DWdwtrig20.exe" -t

C:Documents and SettingsFabio SantosMenu IniciarProgramasInicializar
Adobe Gamma.lnk - C:Arquivos de programasArquivos comunsAdobeCalibrationAdobe Gamma Loader.exe [22/6/2005 11:19:07]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:Arquivos de programasScpadscpLIB.dll [30/04/2007 20:43 128512]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:ARQUIV~1GbPlugingbieh.dll [03/12/2007 15:30 347976]
"{A8EEB996-62AA-4E48-995D-EADDCAC47476}"= C:WINDOWSsystem32ljJBuvwu.dll [09/04/2008 11:46 36352]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:Arquivos de programasScpadscpLIB.dll [30/04/2007 20:43 128512]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify GbPluginBb]
C:ARQUIV~1GbPlugingbieh.dll 03/12/2007 15:30 347976 C:ARQUIV~1GbPlugingbieh.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
avldr.dll 15/02/2007 19:02 50736 C:WINDOWSsystem32avldr.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyljJBuvwu]
ljJBuvwu.dll 09/04/2008 11:46 36352 C:WINDOWSsystem32ljJBuvwu.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify__GbPluginBb]
C:ARQUIVOS DE PROGRAMASGBPLUGINgbieh.dll 03/12/2007 15:30 347976 C:Arquivos de programasGbPlugingbieh.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINDOWSsystem32xxyayYol

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvds]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs BthServ


[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsaetsprov]
C:WINDOWSsystem32regsvr32.exe /s C:WINDOWSsystem32aetsprov.dll



-- Hosts -----------------------------------------------------------------------

201.76.209.121 eastside.wjdomain.wj.com.br
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

8145 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-11 20:04:16 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: AMD Athlon™ 64 Processor 2800+
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1023.3 MiB / 384.95 MiB
Pagefile Memory (total/avail): 1690.99 MiB / 1096.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1895.74 MiB

C: is Fixed (NTFS) - 111.78 GiB total, 30.17 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)
V: is CDROM (No Media)

.PHYSICALDRIVE0 - ST3120827AS - 111.79 GiB - 1 partition
PARTITION0 (bootable) - Sistema de arquivos instalável - 111.78 GiB - C:

.PHYSICALDRIVE1 - SanDisk Cruzer Mini USB Device - 486.34 MiB - 1 partition
PARTITION0 - MS-DOS V4 Huge - 488.14 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Panda Internet Security 2008 v12.01.00 (Panda Security)
AV: Panda Internet Security 2008 v12.01.00 (Panda Security)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Arquivos de programasMicrosoft ActiveSyncrapimgr.exe"="C:Arquivos de programasMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:Arquivos de programasMicrosoft ActiveSyncwcescomm.exe"="C:Arquivos de programasMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:Arquivos de programasMicrosoft ActiveSyncWCESMgr.exe"="C:Arquivos de programasMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007sandra.exe"="C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007RpcSandraSrv.exe"="C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007Win32RpcDataSrv.exe"="C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007Win32RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:Arquivos de programasWindows LiveMessengermsnmsgr.exe"="C:Arquivos de programasWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Arquivos de programasWindows LiveMessengerlivecall.exe"="C:Arquivos de programasWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Arquivos de programasMessengermsmsgs.exe"="C:Arquivos de programasMessengermsmsgs.exe:*:Enabled:Windows Messenger"
"C:Arquivos de programasSmartFTPSmartFTP.exe"="C:Arquivos de programasSmartFTPSmartFTP.exe:*:Enabled:SmartFTP Client"
"C:Arquivos de programasQuickTimeQuickTimePlayer.exe"="C:Arquivos de programasQuickTimeQuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:Arquivos de programasVideoLANVLCvlc.exe"="C:Arquivos de programasVideoLANVLCvlc.exe:*:Enabled:VLC media player"
"C:WINDOWSsystem32spooldriversw32x863SAGENT4.EXE"="C:WINDOWSsystem32spooldriversw32x863SAGENT4.EXE:*:Enabled:SAgent4"
"C:Arquivos de programasInternet Exploreriexplore.exe"="C:Arquivos de programasInternet Exploreriexplore.exe:*:Enabled:Internet Explorer"
"C:Arquivos de programasMozilla Firefoxfirefox.exe"="C:Arquivos de programasMozilla Firefoxfirefox.exe:*:Enabled:Firefox"
"C:Arquivos de programasRioRio Music Managerriomm.exe"="C:Arquivos de programasRioRio Music Managerriomm.exe:*:Enabled:Rio Music Manager"
"C:Arquivos de programasGoogleGoogle Talkgoogletalk.exe"="C:Arquivos de programasGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk"
"C:Arquivos de programasProxyWayproxyway.exe"="C:Arquivos de programasProxyWayproxyway.exe:*:Enabled:proxyway"
"C:Arquivos de programasAliasMaya6.0binmaya.exe"="C:Arquivos de programasAliasMaya6.0binmaya.exe:*:Enabled:Maya"
"C:Arquivos de programasAliasMaya6.0binmayabatch.exe"="C:Arquivos de programasAliasMaya6.0binmayabatch.exe:*:Enabled:MayaBatch"
"C:Arquivos de programasMotorolaPSTpst.exe"="C:Arquivos de programasMotorolaPSTpst.exe:*:Enabled:PST"
"C:sneszsnesw.exe"="C:sneszsnesw.exe:*:Enabled:zsnesw"
"C:Arquivos de programasSync4j 2.3toolsjre-1.4.2jrebinjavaw.exe"="C:Arquivos de programasSync4j 2.3toolsjre-1.4.2jrebinjavaw.exe:*:Enabled:javaw"
"C:Arquivos de programasFunamboltoolsjre-1.5.0jrebinjavaw.exe"="C:Arquivos de programasFunamboltoolsjre-1.5.0jrebinjavaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:Arquivos de programasLimeWireLimeWire.exe"="C:Arquivos de programasLimeWireLimeWire.exe:*:Enabled:LimeWire"
"C:Arquivos de programasMicrosoft ActiveSyncrapimgr.exe"="C:Arquivos de programasMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:Arquivos de programasMicrosoft ActiveSyncwcescomm.exe"="C:Arquivos de programasMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:Arquivos de programasMicrosoft ActiveSyncWCESMgr.exe"="C:Arquivos de programasMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:wampApache2binApache.exe"="C:wampApache2binApache.exe:*:Enabled:Apache HTTP Server"
"C:Arquivos de programasxamppapachebinapache.exe"="C:Arquivos de programasxamppapachebinapache.exe:*:Enabled:Apache HTTP Server"
"C:Arquivos de programasxamppmysqlbinmysqld.exe"="C:Arquivos de programasxamppmysqlbinmysqld.exe:*:Enabled:mysqld"
"C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007sandra.exe"="C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007RpcSandraSrv.exe"="C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007Win32RpcDataSrv.exe"="C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007Win32RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:Arquivos de programasNeroNero 7Nero HomeNeroHome.exe"="C:Arquivos de programasNeroNero 7Nero HomeNeroHome.exe:*:Enabled:Nero Home"
"C:WINDOWSsystem32rtcshare.exe"="C:WINDOWSsystem32rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC"
"C:Arquivos de programasNetMeetingconf.exe"="C:Arquivos de programasNetMeetingconf.exe:*:Enabled:Windows® NetMeeting®"
"C:Arquivos de programasNCH Swift SoundTalktalk.exe"="C:Arquivos de programasNCH Swift SoundTalktalk.exe:*:Enabled:talk"
"C:Arquivos de programasBitCometBitComet.exe"="C:Arquivos de programasBitCometBitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:Arquivos de programasBitTorrentbittorrent.exe"="C:Arquivos de programasBitTorrentbittorrent.exe:*:Disabled:BitTorrent"
"C:Arquivos de programassoftnyxGunBoundGunBound.gme"="C:Arquivos de programassoftnyxGunBoundGunBound.gme:*:Disabled:GunBound"
"C:Arquivos de programasOnGameGunboundWCGunBound.gme"="C:Arquivos de programasOnGameGunboundWCGunBound.gme:*:Disabled:GunBound"
"C:Arquivos de programassoftnyxGunBoundGunBound.exe"="C:Arquivos de programassoftnyxGunBoundGunBound.exe:*:Disabled:GunBound Startup Application"
"C:Arquivos de programasCounterPathX-Litex-lite.exe"="C:Arquivos de programasCounterPathX-Litex-lite.exe:*:Enabled:X-Lite"
"C:Documents and SettingsFabio SantosMeus documentosTesteVono.exe"="C:Documents and SettingsFabio SantosMeus documentosTesteVono.exe:*:Enabled:TesteVono"
"C:Arquivos de programasVonoSoftPhone_GVT.exe"="C:Arquivos de programasVonoSoftPhone_GVT.exe:*:Enabled:SoftPhone_GVT"
"C:Documents and SettingsFabio SantosDesktopsipuraupg-spa3102-5-1-5-GWa.exe"="C:Documents and SettingsFabio SantosDesktopsipuraupg-spa3102-5-1-5-GWa.exe:*:Enabled:upg-spa3102-5-1-5-GWa"
"C:Documents and SettingsFabio SantosConfigurações locaisTempRar$EX00.031slogsrv.exe"="C:Documents and SettingsFabio SantosConfigurações locaisTempRar$EX00.031slogsrv.exe:*:Enabled:slogsrv"
"C:Arquivos de programasMySQLMySQL Server 5.0binmysqld-max-nt.exe"="C:Arquivos de programasMySQLMySQL Server 5.0binmysqld-max-nt.exe:*:Enabled:mysqld-max-nt"
"C:Arquivos de programasJavajre1.5.0_11binjavaw.exe"="C:Arquivos de programasJavajre1.5.0_11binjavaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:Arquivos de programasReallusionCrazyTalk for SkypeCT4Skype.exe"="C:Arquivos de programasReallusionCrazyTalk for SkypeCT4Skype.exe:*:Enabled:CrazyTalk"
"C:Documents and SettingsFabio SantosConfigurações locaisTempocc.exe"="C:Documents and SettingsFabio SantosConfigurações locaisTempocc.exe:*:Enabled:OneCC Module"
"C:ProgrammeTerraSip PhonerTerraSip Phoner.exe"="C:ProgrammeTerraSip PhonerTerraSip Phoner.exe:*:Enabled:VoIP Softphone"
"C:Arquivos de programasXdriveXdrive DesktopXdRunner.exe"="C:Arquivos de programasXdriveXdrive DesktopXdRunner.exe:*:Enabled:XdRunner.exe"
"C:Arquivos de programasXdriveXdrive DesktopXdrSmb.exe"="C:Arquivos de programasXdriveXdrive DesktopXdrSmb.exe:*:Enabled:XdrSmb.exe"
"C:WINDOWSPCHealthHelpCtrBinarieshelpctr.exe"="C:WINDOWSPCHealthHelpCtrBinarieshelpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"
"C:Arquivos de programasJavajre1.6.0_02binjavaw.exe"="C:Arquivos de programasJavajre1.6.0_02binjavaw.exe:*:Enabled:Java™ Platform SE binary"
"C:Arquivos de programasAnalogXBitPumpbitpump.exe"="C:Arquivos de programasAnalogXBitPumpbitpump.exe:*:Disabled:BitPump"
"C:Arquivos de programasResearch In MotionBlackBerry Device Simulators 4.1.0Device Simulators 4.1.0.286fledge.exe"="C:Arquivos de programasResearch In MotionBlackBerry Device Simulators 4.1.0Device Simulators 4.1.0.286fledge.exe:*:Disabled:BlackBerry Handheld Simulator"
"C:Arquivos de programasAzureusAzureus.exe"="C:Arquivos de programasAzureusAzureus.exe:*:Enabled:Azureus"
"C:Arquivos de programasSecondLifeSLVoice.exe"="C:Arquivos de programasSecondLifeSLVoice.exe:*:Enabled:SLVoice"
"C:Arquivos de programasJoostxulrunnertvprunner.exe"="C:Arquivos de programasJoostxulrunnertvprunner.exe:*:Enabled:tvprunner"
"C:Arquivos de programasuTorrentuTorrent.exe"="C:Arquivos de programasuTorrentuTorrent.exe:*:Enabled:µTorrent"
"C:Arquivos de programasFlashGetflashget.exe"="C:Arquivos de programasFlashGetflashget.exe:*:Enabled:Flashget"
"C:Arquivos de programasiTunesiTunes.exe"="C:Arquivos de programasiTunesiTunes.exe:*:Enabled:iTunes"
"C:Arquivos de programasBonjourmDNSResponder.exe"="C:Arquivos de programasBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Arquivos de programasNX Client for Windowsnxclient.exe"="C:Arquivos de programasNX Client for Windowsnxclient.exe:*:Enabled:nxclient"
"C:Arquivos de programasNX Client for Windowsbinnxssh.exe"="C:Arquivos de programasNX Client for Windowsbinnxssh.exe:*:Enabled:nxssh"
"C:Documents and SettingsFabio Santos.nxpluginWindowsnxclient.exe"="C:Documents and SettingsFabio Santos.nxpluginWindowsnxclient.exe:*:Enabled:nxclient"
"C:Arquivos de programasSmartFTP ClientSmartFTP.exe"="C:Arquivos de programasSmartFTP ClientSmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:Arquivos de programasWindows LiveMessengermsnmsgr.exe"="C:Arquivos de programasWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Arquivos de programasWindows LiveMessengerlivecall.exe"="C:Arquivos de programasWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:Arquivos de programasNeroNero8Nero Burning Romnero.exe"="C:Arquivos de programasNeroNero8Nero Burning Romnero.exe:*:Enabled:Nero Express"
"C:Arquivos de programaseMuleemule.exe"="C:Arquivos de programaseMuleemule.exe:*:Disabled:eMule"
"C:Arquivos de programasiWall 2.3.4iwall_gtk.exe"="C:Arquivos de programasiWall 2.3.4iwall_gtk.exe:*:Disabled:iWall"
"C:Arquivos de programasXdriveXdrive Desktopxdrive.exe"="C:Arquivos de programasXdriveXdrive Desktopxdrive.exe:*:Disabled:Xdrive Desktop"
"C:Arquivos de programasSkypePhoneSkype.exe"="C:Arquivos de programasSkypePhoneSkype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsFabio SantosDados de aplicativos
CLASSPATH=.;C:Arquivos de programasJavajre1.6.0_03libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Arquivos de programasArquivos comuns
COMPUTERNAME=PINOT
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsFabio Santos
LOGONSERVER=PINOT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Arquivos de programasFastSum;C:Arquivos de programasArquivos comunsAdobeAGL;C:Arquivos de programasQuickTimeQTSystem;C:Arquivos de programasSierra WirelessVoq Desktop Tools;C:Arquivos de programasQuickTimeQTSystem;C:Arquivos de programasPanda SecurityPanda Internet Security 2008;;C:ARQUIV~1ARQUIV~1MUVEET~1030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0408
ProgramFiles=C:Arquivos de programas
PROMPT=$P$G
QTJAVA=C:Arquivos de programasJavajre1.6.0_03libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1FABIOS~1CONFIG~1Temp
TMP=C:DOCUME~1FABIOS~1CONFIG~1Temp
USERDOMAIN=PINOT
USERNAME=Fabio Santos
USERPROFILE=C:Documents and SettingsFabio Santos
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Fabio Santos (admin)
Fabio Dittz (admin)
Daniel Santos (admin)
Daniel Heredia (admin)
Ricardo


-- Add/Remove Programs ---------------------------------------------------------

--> C:Arquivos de programasArquivos comunsRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
--> C:Arquivos de programasDivXDivXConverterUninstall.exe /CONVERTER
--> C:Arquivos de programasNeroNero8nerouninstallUNNERO.exe /UNINSTALL
--> C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
--> C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
--> C:WINDOWSUNNeroShowTime.exe /UNINSTALL
--> C:WINDOWSUNNeroVision.exe /UNINSTALL
--> C:WINDOWSUNRecode.exe /UNINSTALL
--> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{3BB529C7-855D-11D7-8444-0050BA1D384D}setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:Arquivos de programasArquivos comunsAdobeInstallers6c8e2cb4fd241c55406016127a6ab2eSetup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:Arquivos de programasArquivos comunsAdobeInstallers3e054d2218e7aa282c2369d939e58ffSetup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:Arquivos de programasArquivos comunsAdobeInstallersc3c7fe8b09d497ab2b3fd91c9353390Setup.exe
Adobe Flash Player 9 ActiveX --> C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player Plugin --> C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{EFB21DE7-8C19-4A88-BB28-A766E16493BC}setup.exe" -l0x9
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 6.0 --> C:Arquivos de programasArquivos comunsAdobeSVG Viewer 6.0UninstallWinstall.exe -u -fC:Arquivos de programasArquivos comunsAdobeSVG Viewer 6.0UninstallInstall.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Alias MotionBuilder Personal Learning Edition 7 --> C:ARQUIV~1ARQUIV~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{7F2AB5FA-6BD5-4C4F-8BB3-F700389EFD19}
AMD PowerNow! DashBoard --> MsiExec.exe /X{125EC603-A758-464D-9604-57E84EBBAAA5}
Anvil Studio --> C:WINDOWSST5UNST.EXE -n "C:Arquivos de programasAnvil StudioST5UNST.000"
Assinador Digital ARISP - Versão 1.5 --> "C:Arquivos de programasARISPunins000.exe"
Assinador SERASA --> C:WINDOWSst6unst.exe -n "C:Arquivos de programasAssinador SERASAST6UNST.LOG"
Astrum InstallWizard 2 --> C:WINDOWSAstrum InstallWizard 2 Uninstaller.exe
Athlon 64 Processor Driver --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{C151CE54-E7EA-4804-854B-F515368B0798}setup.exe" -l0x416
µTorrent --> "C:Arquivos de programasuTorrentuTorrent.exe" /UNINSTALL
Atualização de Segurança para Windows XP (KB883939) --> "C:WINDOWS$NtUninstallKB883939$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB890046) --> "C:WINDOWS$NtUninstallKB890046$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB893066) --> "C:WINDOWS$NtUninstallKB893066$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB893756) --> "C:WINDOWS$NtUninstallKB893756$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB896358) --> "C:WINDOWS$NtUninstallKB896358$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB896422) --> "C:WINDOWS$NtUninstallKB896422$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB896423) --> "C:WINDOWS$NtUninstallKB896423$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB896424) --> "C:WINDOWS$NtUninstallKB896424$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB896428) --> "C:WINDOWS$NtUninstallKB896428$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB896688) --> "C:WINDOWS$NtUninstallKB896688$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB899587) --> "C:WINDOWS$NtUninstallKB899587$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB899588) --> "C:WINDOWS$NtUninstallKB899588$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB899589) --> "C:WINDOWS$NtUninstallKB899589$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB899591) --> "C:WINDOWS$NtUninstallKB899591$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB900725) --> "C:WINDOWS$NtUninstallKB900725$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB901017) --> "C:WINDOWS$NtUninstallKB901017$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB901190) --> "C:WINDOWS$NtUninstallKB901190$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB901214) --> "C:WINDOWS$NtUninstallKB901214$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB902400) --> "C:WINDOWS$NtUninstallKB902400$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB903235) --> "C:WINDOWS$NtUninstallKB903235$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB904706) --> "C:WINDOWS$NtUninstallKB904706$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB905414) --> "C:WINDOWS$NtUninstallKB905414$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB905749) --> "C:WINDOWS$NtUninstallKB905749$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB905915) --> "C:WINDOWS$NtUninstallKB905915$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB908519) --> "C:WINDOWS$NtUninstallKB908519$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB908531) --> "C:WINDOWS$NtUninstallKB908531$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB911280) --> "C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB911562) --> "C:WINDOWS$NtUninstallKB911562$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB911567) --> "C:WINDOWS$NtUninstallKB911567$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB911927) --> "C:WINDOWS$NtUninstallKB911927$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB912812) --> "C:WINDOWS$NtUninstallKB912812$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB912919) --> "C:WINDOWS$NtUninstallKB912919$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB913446) --> "C:WINDOWS$NtUninstallKB913446$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB913580) --> "C:WINDOWS$NtUninstallKB913580$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB914388) --> "C:WINDOWS$NtUninstallKB914388$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB914389) --> "C:WINDOWS$NtUninstallKB914389$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB916281) --> "C:WINDOWS$NtUninstallKB916281$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB917159) --> "C:WINDOWS$NtUninstallKB917159$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB917344) --> "C:WINDOWS$NtUninstallKB917344$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB917422) --> "C:WINDOWS$NtUninstallKB917422$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB917953) --> "C:WINDOWS$NtUninstallKB917953$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB918118) --> "C:WINDOWS$NtUninstallKB918118$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB918439) --> "C:WINDOWS$NtUninstallKB918439$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB918899) --> "C:WINDOWS$NtUninstallKB918899$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB919007) --> "C:WINDOWS$NtUninstallKB919007$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB920213) --> "C:WINDOWS$NtUninstallKB920213$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB920214) --> "C:WINDOWS$NtUninstallKB920214$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB920670) --> "C:WINDOWS$NtUninstallKB920670$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB920683) --> "C:WINDOWS$NtUninstallKB920683$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB920685) --> "C:WINDOWS$NtUninstallKB920685$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB921398) --> "C:WINDOWS$NtUninstallKB921398$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB921503) --> "C:WINDOWS$NtUninstallKB921503$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB921883) --> "C:WINDOWS$NtUninstallKB921883$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB922616) --> "C:WINDOWS$NtUninstallKB922616$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB922760) --> "C:WINDOWS$NtUninstallKB922760$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB922819) --> "C:WINDOWS$NtUninstallKB922819$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB923191) --> "C:WINDOWS$NtUninstallKB923191$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB923414) --> "C:WINDOWS$NtUninstallKB923414$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB923689) --> "C:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB923694) --> "C:WINDOWS$NtUninstallKB923694$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB923980) --> "C:WINDOWS$NtUninstallKB923980$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB924191) --> "C:WINDOWS$NtUninstallKB924191$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB924270) --> "C:WINDOWS$NtUninstallKB924270$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB924496) --> "C:WINDOWS$NtUninstallKB924496$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB924667) --> "C:WINDOWS$NtUninstallKB924667$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB925454) --> "C:WINDOWS$NtUninstallKB925454$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB925486) --> "C:WINDOWS$NtUninstallKB925486$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB925902) --> "C:WINDOWS$NtUninstallKB925902$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB926255) --> "C:WINDOWS$NtUninstallKB926255$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB926436) --> "C:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB927779) --> "C:WINDOWS$NtUninstallKB927779$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB927802) --> "C:WINDOWS$NtUninstallKB927802$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB928090) --> "C:WINDOWS$NtUninstallKB928090$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB928255) --> "C:WINDOWS$NtUninstallKB928255$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB928843) --> "C:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB929123) --> "C:WINDOWS$NtUninstallKB929123$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB929969) --> "C:WINDOWS$NtUninstallKB929969$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB930178) --> "C:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB931261) --> "C:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB931768) --> "C:WINDOWS$NtUninstallKB931768$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB931784) --> "C:WINDOWS$NtUninstallKB931784$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB932168) --> "C:WINDOWS$NtUninstallKB932168$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB933566) --> "C:WINDOWS$NtUninstallKB933566$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB933729) --> "C:WINDOWS$NtUninstallKB933729$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB935839) --> "C:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB935840) --> "C:WINDOWS$NtUninstallKB935840$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB936021) --> "C:WINDOWS$NtUninstallKB936021$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB937143) --> "C:WINDOWS$NtUninstallKB937143$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB937894) --> "C:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB938127) --> "C:WINDOWS$NtUninstallKB938127$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB938829) --> "C:WINDOWS$NtUninstallKB938829$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB939653) --> "C:WINDOWS$NtUninstallKB939653$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB941202) --> "C:WINDOWS$NtUninstallKB941202$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB941568) --> "C:WINDOWS$NtUninstallKB941568$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB941569) --> "C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB941644) --> "C:WINDOWS$NtUninstallKB941644$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB941693) --> "C:WINDOWS$NtUninstallKB941693$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB942615) --> "C:WINDOWS$NtUninstallKB942615$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB943055) --> "C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB943460) --> "C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB943485) --> "C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB944338) --> "C:WINDOWS$NtUninstallKB944338$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB944533) --> "C:WINDOWS$NtUninstallKB944533$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB944653) --> "C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB945553) --> "C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB946026) --> "C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB947864) --> "C:WINDOWS$NtUninstallKB947864$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB948590) --> "C:WINDOWS$NtUninstallKB948590$spuninstspuninst.exe"
Atualização de Segurança para Windows XP (KB948881) --> "C:WINDOWS$NtUninstallKB948881$spuninstspuninst.exe"
Atualização para Windows XP (KB894391) --> "C:WINDOWS$NtUninstallKB894391$spuninstspuninst.exe"
Atualização para Windows XP (KB896727) --> "C:WINDOWS$NtUninstallKB896727$spuninstspuninst.exe"
Atualização para Windows XP (KB898461) --> "C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe"
Atualização para Windows XP (KB900485) --> "C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe"
Atualização para Windows XP (KB910437) --> "C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe"
Atualização para Windows XP (KB916595) --> "C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe"
Atualização para Windows XP (KB920872) --> "C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe"
Atualização para Windows XP (KB922582) --> "C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe"
Atualização para Windows XP (KB927891) --> "C:WINDOWS$NtUninstallKB927891$spuninstspuninst.exe"
Atualização para Windows XP (KB929338) --> "C:WINDOWS$NtUninstallKB929338$spuninstspuninst.exe"
Atualização para Windows XP (KB930916) --> "C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe"
Atualização para Windows XP (KB931836) --> "C:WINDOWS$NtUninstallKB931836$spuninstspuninst.exe"
Atualização para Windows XP (KB933360) --> "C:WINDOWS$NtUninstallKB933360$spuninstspuninst.exe"
Atualização para Windows XP (KB938828) --> "C:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe"
Atualização para Windows XP (KB942763) --> "C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe"
Atualização para Windows XP (KB942840) --> "C:WINDOWS$NtUninstallKB942840$spuninstspuninst.exe"
Atualização para Windows XP (KB946627) --> "C:WINDOWS$NtUninstallKB946627$spuninstspuninst.exe"
AviSynth 2.5 --> "C:Program FilesAviSynth 2.5Uninstall.exe"
BD/HD Advisor 1.0 --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}Setup.exe" -uninstall
Belkin Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
BounceBack Express --> C:WINDOWSBBUninstall.exe
Cool & Quiet --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}Setup.exe" -l0x9
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
CrossFont version 5.2 --> "C:Arquivos de programasCrossFntunins000.exe"
CutePDF Writer 2.7 --> C:Arquivos de programasAcro SoftwareCutePDF Writeruninscpw.exe /uninstall
Dekart Biometric API 1.05 --> RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFdkbioapi.inf, DefaultUninstall
Dekart Smartkey Library 4.21 --> RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFsmartkey.inf, DefaultUninstall
DivX Codec --> C:Arquivos de programasDivXDivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:Arquivos de programasDivXDivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:Arquivos de programasDivXDivXConverterUninstall.exe /CONVERTER
DivX Player --> C:Arquivos de programasDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:Arquivos de programasDivXDivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:Arquivos de programasDVD Decrypteruninstall.exe"
DVD Identifier --> "C:Arquivos de programasDVD IdentifierUninstunins000.exe"
DVD Shrink 3.2 --> "C:Arquivos de programasDVD Shrinkunins000.exe"
DVDFab Decrypter 3.0.5.0 --> "C:Arquivos de programasDVDFab Decrypter 3unins000.exe"
EF CheckSum Manager --> C:Arquivos de programasEFCMUnInst.exe
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
EPSON Printer Software --> C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Web-To-Page --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}Setup.exe" -l0x9 -anything
Ethereal 0.10.12 --> "C:Arquivos de programasEtherealuninstall.exe"
eToken Run Time Environment 3.65 --> MsiExec.exe /I{C002C4EC-18E4-4B2F-83BF-AFD49827CFBD}
eToken Web Sign On 1.4 --> MsiExec.exe /I{1DAAD64D-524B-40CE-8428-6E5CD005D262}
Express Talk --> C:Arquivos de programasNCH Swift SoundTalkuninst.exe
Extensão do HighMAT para o Assistente para Gravação em CD do Microsoft Windows XP --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
FastSum Command-Line Edition 1.9 --> "C:Arquivos de programasFastSumunins000.exe"
ffdshow [rev 1860] [2008-02-15] --> "C:Arquivos de programasffdshowunins000.exe"
Flicware --> C:WINDOWSst6unst.exe -n "C:Arquivos de programasFlicwareST6UNST.LOG"
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
forteManager --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime1100Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{1883A84D-94AA-432C-9519-FA31B6B118B9}setup.exe" -l0x416 -removeonly
FTMaster --> MsiExec.exe /I{4728EC3E-6A14-4A55-96AA-235BE520A603}
GamesGrid Backgammon --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{434F0526-32BE-4BD0-BBA0-AFF439D2143D}setup.exe" -l0x9 -uninst
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier --> "C:Arquivos de programasGoogleGmail NotifierUninstallGmail.exe"
Google Talk (remove only) --> "C:Arquivos de programasGoogleGoogle Talkuninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:arquivos de programasgooglegoogletoolbar4.dll"
Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
GoToMeeting/GoToWebinar 3.0.0.198 --> C:Arquivos de programasCitrixGoToMeeting198G2MUninstall.exe /uninstall
GroupMail :: Free Edition --> "C:Documents and SettingsFabio SantosDados de aplicativosunins000.exe"
GTMAdmin 1.0 RC5 --> "C:Arquivos de programasGTMAdminunins000.exe"
HashCalc 2.01 --> "C:Arquivos de programasHashCalcunins000.exe"
HijackThis 2.0.2 --> "E:HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:WINDOWS$NtUninstallKB902344$spuninstspuninst.exe"
Hotfix para Windows XP (KB935448) --> "C:WINDOWS$NtUninstallKB935448$spuninstspuninst.exe"
Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFHUFFYUV.INF
ImgBurn (Remove Only) --> "C:Arquivos de programasImgBurnuninstall.exe"
Infotriever --> C:ARQUIV~1INFOTR~1Agentinfoclient.exe -uninstall
InfraRecorder --> C:Arquivos de programasInfraRecorderuninstall.exe
Ink Monitor --> C:Arquivos de programasEPSONInk MonitorInkMonitor.exe -U
InterLok Driver Kit --> MsiExec.exe /X{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}
IrfanView (remove only) --> C:Arquivos de programasIrfanViewiv_uninstall.exe
IRPF2006 - Declaração de Ajuste Anual --> C:ARQUIV~1PROGRA~1IRPF2006UNWISE.EXE C:ARQUIV~1PROGRA~1IRPF2006INSTALL.LOG
IRPF2007 - Declaração de Ajuste Anual --> C:ARQUIV~1PROGRA~1IRPF2007UNWISE.EXE C:ARQUIV~1PROGRA~1IRPF2007INSTALL.LOG
IRPF2008 - Declaração de Ajuste Anual --> C:ARQUIV~1PROGRA~2IRPF2008UNWISE.EXE C:ARQUIV~1PROGRA~2IRPF2008INSTALL.LOG
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Joost ™ Beta 1.0.3 --> C:Arquivos de programasJoostuninst.exe
Keynote Connector --> C:WINDOWSDOWNLO~1CONNEC~1.EXE /Uninstall
Kiwi Log Viewer 2.0.11 --> "C:Arquivos de programasKiwi Log ViewerUninst_KiwiLogViewer.exe"
Leitor USB de Cartões Inteligentes PertoSmart (desinstalar) --> C:Arquivos de programasPertoSmart USB Smartcard Readeruninst.exe
LimeWire 4.14.10 --> "C:Arquivos de programasLimeWireuninstall.exe"
Macromedia Director MX 2004 --> C:ARQUIV~1MACROM~1DIRECT~1UNWISE.EXE C:ARQUIV~1MACROM~1DIRECT~1install.log
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 4 --> C:WINDOWSIsUninst.exe -f"C:Arquivos de programasMacromediaFlash 4Uninst.isu"
Macromedia Flash MX 2004 --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{2F353D44-73BB-4971-B31D-F7642E9E9531}Setup.exe" -l0x9 UNINSTALL
Macromedia HomeSite 5 --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}Setup.exe" AnyText
Macromedia Shockwave Player --> C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
MAX's HTML Beauty++ 2004 --> "C:Arquivos de programasHTML Beauty 2unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional com FrontPage --> MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}
Microsoft Script Debugger --> RunDll32 advpack.dll,LaunchINFSection C:Arquivos de programasMicrosoft Script DebuggerScrptDbg.inf, Uninstall.NT
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:Arquivos de programasMozilla Firefoxuninstallhelper.exe
Mozilla Sunbird (0.5) --> C:Arquivos de programasMozilla Sunbirduninstalluninst.exe
Mozilla Thunderbird (2.0.0.9) --> C:Arquivos de programasMozilla Thunderbirduninstallhelper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySQL Tools for 5.0 --> MsiExec.exe /I{3871B4C5-7505-4053-9473-0CDB4D6E7F54}
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1046}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}Setup.exe" -l0x9 UNINSTALL
NikonCapture --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{21DDC579-834B-4C14-8122-853994FA2214}Setup.exe" -l0x9 UNINSTALL
Nullsoft Install System --> "C:Arquivos de programasNSISuninst-nsis.exe"
NVIDIA Drivers --> C:WINDOWSsystem32nvudisp.exe UninstallGUI
NVIDIA System Utility --> C:Arquivos de programasArquivos comunsInstallShieldDriver8Intel 32IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1046
NvMixer --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{D7A6C517-11F2-419F-B5BB-27772B939698}Setup.exe" -uninstall
Open Workbench --> MsiExec.exe /I{AED0B5AC-0771-4600-9777-9C4C910EBE09}
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card --> "C:WINDOWS$NtUninstallbasecsp$spuninstspuninst.exe"
Panda ActiveScan 2.0 --> C:Arquivos de programasPanda SecurityActiveScan 2.0as2uninst.exe
Panda Internet Security 2008 --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{EEBA9416-3207-47E0-9022-116440599DBC}SETUP.exe" -l0x816 -removeonly
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
pgAdmin III 1.6 --> MsiExec.exe /I{C65BB461-502A-42C6-BAE8-B560F40384D5}
PhotoDVD 2.6.2.0b --> "C:Arquivos de programasvsoPhotoDVDunins000.exe"
Picasa 2 --> "C:Arquivos de programasPicasa2Uninstall.exe"
Ping Plotter Freeware --> C:ARQUIV~1PINGPL~1UNWISE.EXE C:ARQUIV~1PINGPL~1INSTALL.LOG
PL-2303 USB-to-Serial --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}Setup.exe" -l0x9 Installed
ProjectReader --> MsiExec.exe /X{9ACD9F21-CA0A-4E08-B54B-EB39CAA0D42B}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:Arquivos de programasArquivos comunsRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe" REMOVE
Receitanet 2008 --> C:WINDOWSDesinstRecnet.exe
Rio Internet Update --> MsiExec.exe /X{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}
Rio Music Manager --> MsiExec.exe /X{282EF7E3-AE54-48AE-A11D-27F512F23AB3}
Rio Music Manager MP3 Encoder --> MsiExec.exe /X{B4A25C7F-8110-4814-B274-1E77A3F1850A}
SafeSign --> MsiExec.exe /X{6347401C-C260-4B30-9816-8F5A1419CC49}
ScanChamp ScanReader Solo --> MsiExec.exe /I{7E0B50C3-0A89-4851-9901-44875DE6E96A}
ScanChamp ScanTool --> MsiExec.exe /I{10C89AF3-C053-49A1-8C39-739CCE9187DE}
ScreenPrint32 v3.5 --> C:WINDOWSst6unst.exe -n "C:Arquivos de programasScreenPrint32 v3ST6UNST.LOG"
screensaver_char_1280 --> C:WINDOWSscreensaver_char_1280.scr /u
ScreenTime for Flash 3.1.0u --> C:WINDOWSunvise32.exe C:Arquivos de programasScreenTime for Flash 3.1.0uuninstal.log
SDK --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime1100Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}setup.exe" -l0x9
Seagate SeaTools English Online --> RunDll32.exe C:DOCUME~1FABIOS~1DesktopNPSEAT~1.DLL,DllUninstallServer
SecondLife (remove only) --> "C:Arquivos de programasSecondLifeuninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver --> C:WINDOWSSYSTEM32RNBOSENTSETUPX86.EXE /U /q
SerialMagic Pro --> MsiExec.exe /I{B451701B-CCBF-4C70-84D0-F868695E40D8}
SigmaTel MSCN Audio Player --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}setup.exe" -l0x9
Sigview v1.9.6.0 --> "C:Arquivos de programasSigviewunins000.exe"
SiSoftware Sandra Lite 2007 (Win64/32/CE) --> "C:Arquivos de programasSiSoftwareSiSoftware Sandra Lite 2007unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sloppy --> C:WINDOWSsystem32javaws.exe -uninstall -prompt "http://www.dallaway.com/sloppy/sloppy.jnlp"
Smart Card ToolSet PRO v3.3 (build 6) --> "C:Arquivos de programasSCardSOFTSmart Card ToolSet PROunins000.exe"
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 2.5 Setup Files (remove only) --> C:Arquivos de programasSmartFTP Client 2.5 Setup Filesuninst-sftp.exe
SmartFTP Client 3.0 Setup Files (remove only) --> C:Arquivos de programasSmartFTP Client 3.0 Setup Filesuninst-sftp.exe
Sony Sound Forge 8.0 --> MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
SpeedFan (remove only) --> "C:Arquivos de programasSpeedFanuninstall.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SuperCopy 0.4 --> C:Arquivos de programasSuperCopyuninst.exe
System Requirements Lab --> C:Arquivos de programasSystemRequirementsLabUninstall.exe
Terrasip Phoner --> MsiExec.exe /I{4F23F956-67C9-414D-AF37-1754B12FA361}
TMPGEnc 3.0 XPress --> MsiExec.exe /I{D48EAA77-E526-41EB-894C-BD6A17EABD95}
TMPGEnc DVD Author 1.6 --> MsiExec.exe /I{9CD89DD7-234A-4801-9D87-3DE352E146A0}
TMPGEnc Sound Player --> MsiExec.exe /I{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}
TopStyle (Version 3) --> C:ARQUIV~1BradburyTOPSTY~1UNWISE.EXE C:ARQUIV~1BradburyTOPSTY~1INSTALL.LOG
TransType Pro --> "C:Arquivos de programasFontLabTransType ProUninstall.exe" "C:Arquivos de programasFontLabTransType Proinstall.log"
TrueVision3D 6.2 --> C:TV3DSDKunins000.exe
TUGZip 3.4 --> "C:Arquivos de programasTUGZipunins000.exe"
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoCAM Eye --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{8B08C6A5-2B90-4E93-980D-7EEB39099D4D}setup.exe" -l0x416
VideoLAN VLC media player 0.8.6e --> C:Arquivos de programasVideoLANVLCuninstall.exe
Viewpoint Manager (Remove Only) --> C:Arquivos de programasViewpointViewpoint ManagerViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:Arquivos de programasViewpointViewpoint Media PlayermtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:Arquivos de programasGabestVobSubuninstall.exe"
Vono --> C:Arquivos de programasVonoSoftfone VonoSystemVono.exe /uninstall
Voq Desktop Tools --> RunDll32 C:ARQUIV~1ARQUIV~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Arquivos de programasInstallShield Installation Information{23479E21-A43B-422C-B2B0-A78900C4B5A4}Setup.exe"
WebEx --> C:WINDOWSDOWNLO~1atcliun.exe
WebEx Recorder and Player --> MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Safety scanner --> RunDll32.exe "C:Arquivos de programasWindows Live Safety CenterwlscCore.dll",?UninstallFunction@CwlscCore@@QAEXXZ
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
WinRAR archiver --> C:Arquivos de programasWinRARuninstall.exe
Xvid 1.1.3 final uninstall --> "C:Arquivos de programasXviDunins001.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type14681 / Error
Event Submitted/Written: 04/11/2008 07:26:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicativo com falha wuauclt.exe, versão 7.0.6000.381, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Event Record #/Type14680 / Error
Event Submitted/Written: 04/11/2008 07:26:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicativo com falha iesetup.exe, versão 7.0.5730.13, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Event Record #/Type14679 / Error
Event Submitted/Written: 04/11/2008 07:25:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplicativo com falha hijackthis.exe, versão 2.0.0.2, módulo com falha xxyayyol.dll, versão 0.0.0.0, endereço com falha 0x00062d53.
Processando evento específico de mídia para [hijackthis.exe!ws!]

Event Record #/Type14678 / Error
Event Submitted/Written: 04/11/2008 07:25:21 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplicativo com falha hijackthis.exe, versão 2.0.0.2, módulo com falha xxyayyol.dll, versão 0.0.0.0, endereço com falha 0x00062d53.
Processando evento específico de mídia para [hijackthis.exe!ws!]

Event Record #/Type14676 / Error
Event Submitted/Written: 04/11/2008 07:18:55 PM
Event ID/Source: 1023 / MsiInstaller
Event Description:
Produto: Microsoft .NET Framework 2.0 Service Pack 1 - A atualização '.NET Framework PreXP' não pôde ser instalada. Código de erro 1603. Informações adicionais disponíveis no arquivo de log C:\DOCUME~1\FABIOS~1\CONFIG~1\Temp\dd_NET_Framework20_Setup4910.txt.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type53255 / Error
Event Submitted/Written: 04/11/2008 07:06:35 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
O serviço Epson Printer Status Agent4 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Event Record #/Type53254 / Warning
Event Submitted/Written: 04/11/2008 07:06:30 PM
Event ID/Source: 8004 / MRxSmb
Event Description:
Uma requisição foi submetida para promover o computador para reserva
quando ele já é um localizador mestre.

Event Record #/Type53230 / Error
Event Submitted/Written: 04/11/2008 11:38:38 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Não foi possível iniciar o serviço DS1410D devido ao seguinte erro:
%%2

Event Record #/Type53229 / Error
Event Submitted/Written: 04/11/2008 11:38:38 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Não foi possível iniciar o serviço BtCap, WDM Video Capture devido ao seguinte erro:
%%1058

Event Record #/Type53228 / Error
Event Submitted/Written: 04/11/2008 11:38:38 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Não foi possível iniciar o serviço Aecdf2icnwp devido ao seguinte erro:
%%2



-- End of Deckard's System Scanner: finished at 2008-04-11 20:04:16 ------------
------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 9:30:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 698660
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\FABIOS~1\CONFIG~1\Temp

Scan Statistics:
Total number of scanned objects: 23890
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:29:14

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6E6896DF-7B9C-4918-A89A-2F36BCDF9B65}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\adycoymn.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\isdjpfdj.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\ljJBuvwu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\pxvrvaxl.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\qhwmkita.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqoolii.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\FABIOS~1\CONFIG~1\Temp\WCESLog.log Object is locked skipped
C:\DOCUME~1\FABIOS~1\CONFIG~1\Temp\~DF43A9.tmp Object is locked skipped

Scan process completed.

Merged posts. ~ OB

Edited by Orange Blossom, 11 April 2008 - 08:19 PM.



#2 ken545

Malware Response Team

Posted 21 April 2008 - 12:32 PM

Hello fabiomelo

Welcome to the Bleeping Computer Malware Removal Forum. Sorry for the delay in responding, but the number of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to. If you have not resolved this issue and still need assistance, post a new HJT log, as your system may have changed since your original post.


Download Trend Micro's HijackThis to your desktop.
Double-click it to install.
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT, Scan and Save a Log File; it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply rather than starting a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Ken

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#3 fabiomelo


Posted 21 April 2008 - 08:36 PM

Hi! Thanks for the reply, here is my log. Thanks a lot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:34, on 21/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\eTSrv.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe
C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE
C:\Arquivos de programas\Automatic Update\AutoUpdate.exe
C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Portrait Displays\forteManager\DTHtml.exe
C:\WINDOWS\NoSleep.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Arquivos de programas\Belkin\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Arquivos de programas\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Fabio Santos\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: WSOBHOObj Class - {4D0B671C-7F9A-4516-B4DB-D30F3A12EE26} - C:\Arquivos de programas\Aladdin\eToken\WSO\eTWSOBHO.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll
O3 - Toolbar: Web Sign On - {46832FF5-95B5-4654-88F4-7F5F37AD1FC2} - C:\Arquivos de programas\Aladdin\eToken\WSO\eTWSO.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB002" /M "Stylus C87"
O4 - HKLM\..\Run: [AutoUpdate] C:\Arquivos de programas\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P33 "EPSON Stylus C87 Series (cópia 1)" /O6 "USB003" /M "Stylus C87"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DT LGE] C:\Arquivos de programas\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NoSleep_NewSoft] C:\WINDOWS\NoSleep.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Sign On - {1A69BF73-60DD-49b7-9251-F7A7D7070940} - C:\Arquivos de programas\Aladdin\eToken\WSO\eTWSO.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...20025019,1,3000
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://eastside.wjdomain.wj.com.br/qp2.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5DB05CB8-7751-469D-A1DD-45C8C201C013} (Blender 3D Plug-in Active X Control) - http://download.blender.org/release/plugin...der3DPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120276223093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.26.downloads.estara.co...669187OneCC.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180755667281
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} (PDM Plugin2) - http://queens.wjdomain.wj.com.br:10038/wps...ts/DMPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {A9975532-CED9-45DA-AB04-8C03FDFFA09F} (Eucatex.Eucatex1) - http://www.eucatex.com.br/eucatex/Decorado...adorCliente.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/playe...5/Installer.exe
O16 - DPF: {D7959311-BFA5-11D4-AC33-0050DA92CB80} (VRmallViewer Class) - http://www.humandream.com/VRmall/Release/VRmall.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://genzyme.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://68.15.12.110:8012/user/TSBnwCam.CAB
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D416A03-EE8C-43F2-B830-57CC43BD1FF7}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: ljJBuvwu - C:\WINDOWS\
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe
O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe

--
End of file - 20212 bytes

#4 ken545


Posted 21 April 2008 - 08:55 PM

Hello Fabio,

Please reread my instructions for installing HJT, it needs to be in its own folder for backup purposes.


Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot-up.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <------------------
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.

Post the Malwarebytes log and a new HJT log please



#5 fabiomelo


Posted 22 April 2008 - 07:24 AM

Hi Ken,

Here it is... hope it helps! Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25:06, on 22/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\eTSrv.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe
C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE
C:\Arquivos de programas\Automatic Update\AutoUpdate.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Portrait Displays\forteManager\DTHtml.exe
C:\WINDOWS\NoSleep.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Arquivos de programas\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Arquivos de programas\Belkin\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fabio Santos\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: WSOBHOObj Class - {4D0B671C-7F9A-4516-B4DB-D30F3A12EE26} - C:\Arquivos de programas\Aladdin\eToken\WSO\eTWSOBHO.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll
O3 - Toolbar: Web Sign On - {46832FF5-95B5-4654-88F4-7F5F37AD1FC2} - C:\Arquivos de programas\Aladdin\eToken\WSO\eTWSO.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB002" /M "Stylus C87"
O4 - HKLM\..\Run: [AutoUpdate] C:\Arquivos de programas\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P33 "EPSON Stylus C87 Series (cópia 1)" /O6 "USB003" /M "Stylus C87"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DT LGE] C:\Arquivos de programas\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NoSleep_NewSoft] C:\WINDOWS\NoSleep.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Arquivos de programas\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Sign On - {1A69BF73-60DD-49b7-9251-F7A7D7070940} - C:\Arquivos de programas\Aladdin\eToken\WSO\eTWSO.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...20025019,1,3000
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://eastside.wjdomain.wj.com.br/qp2.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5DB05CB8-7751-469D-A1DD-45C8C201C013} (Blender 3D Plug-in Active X Control) - http://download.blender.org/release/plugin...der3DPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120276223093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.26.downloads.estara.co...669187OneCC.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180755667281
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} (PDM Plugin2) - http://queens.wjdomain.wj.com.br:10038/wps...ts/DMPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {A9975532-CED9-45DA-AB04-8C03FDFFA09F} (Eucatex.Eucatex1) - http://www.eucatex.com.br/eucatex/Decorado...adorCliente.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/playe...5/Installer.exe
O16 - DPF: {D7959311-BFA5-11D4-AC33-0050DA92CB80} (VRmallViewer Class) - http://www.humandream.com/VRmall/Release/VRmall.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://genzyme.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://68.15.12.110:8012/user/TSBnwCam.CAB
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D416A03-EE8C-43F2-B830-57CC43BD1FF7}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: ljJBuvwu - C:\WINDOWS\
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe
O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - C:\Arquivos de programas\Vono\Softfone Vono\System\Vono Manager.exe

--
End of file - 20532 bytes







Malwarebytes' Anti-Malware 1.11
Database version: 669

Scan type: Quick Scan
Objects scanned: 38868
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{1ecc44fb-970d-4bc8-90e3-002da4dd21b8} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63bd4ee4-660b-434d-a54b-7c1f53e2fedd} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6d2c09c4-ec95-4251-81fd-1cd01fd8ae44} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d622e87a-35f9-4fb2-afee-4f5bf8407c7a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ff14b02b-6ee4-400f-a729-b0ea35f921c2} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aosmtp.mail (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{69620165-77dd-44ee-995c-3632e525a22b} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8d07b72-b4b4-46a0-acc0-c771d4614b82} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aosmtp.mail.1 (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aosmtp.fastsender (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aosmtp.fastsender.1 (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\AOSMTP.dll (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fabio Santos\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Explorer.EXE (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#6 ken545

Posted 22 April 2008 - 12:10 PM

Hello,

You did not move HJT like I asked, which means that the entries we are going to move will be unrecoverable.

So, create a folder on your C: drive and name it HJT. Cut HJT from where you currently have it and paste it into the new folder.

Viewpoint installs without your knowledge or consent and is not needed. You can uninstall it from Add/Remove Programs in the Control Panel. First do this, then uninstall Viewpoint.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...20025019,1,3000

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe




Download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running Combofix.
  • WARNING: If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

1. Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.
2. If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

Edited by ken545, 22 April 2008 - 12:21 PM.



#7 fabiomelo

Posted 30 April 2008 - 12:38 PM

Thanks for your help! I've installed a fresh XP in my machine; I could not wait to get back to work. Thanks a lot.

#8 ken545

Posted 30 April 2008 - 12:53 PM

Hi,

You're welcome. Sometimes, with this garbage floating around, it's the best recourse. Here are some tips and free programs to install to help keep you more secure.

Malware Complaints
Are you mad? I mean really mad, seething mad, so mad you're ready to spit, mad that you have taken your hard-earned dollars to buy a computer only to have some Miscreants, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A., you can also report your grievance to your State Attorney General's Office and the Federal Trade Commission's Bureau of Consumer Protection.


Keep in mind, if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended; more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy, but do not enable the TeaTimer in Spybot.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community:
  • Spybot Search and Destroy 1.5.2: Check for Updates/Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster (Recommended), then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster: It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard: It offers realtime protection from spyware installation attempts. Again, no scan to run, just install it and let it do its thing.
  • IE-Spyad: IE-Spyad places over 6000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0.0.14: It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
  • Zone Alarm: Here is a free Firewall from Zone Labs.
Glad we could help

Safe Surfn
Ken
