Virus removal

Hello Master Wolf,
posting logs once again.
Please analyze this log for me.

Logfile of HijackThis v1.99.1
Scan saved at 23:35:13, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cedricddiggory019.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
 
Asta.ini, go to the Kaspersky Online Scanner and run a scan following the image below inside the spoiler. At the end, save the scan report, as shown in the image, and please post it here.

kasperskyag3.gif
_____________________________________________________


Julinhhu, kamsoft is a pen drive virus. Disabling it in msconfig is no use; it has to be removed. Follow the instructions below, Julinhhu, inside the spoilers.

- Download USBFix and save it to the desktop;

- Temporarily disable your antivirus;
- Install the program by clicking (Suivant > Accept the agreement > Suivant > Suivant > Démarrer > Quitter);
- Double-click the USBFix icon created on the desktop to run it;
- Insert the pen drive into the PC's USB port and click OK;
- A message will appear saying your computer will be shut down. Wait for it to restart;
- The PC will restart. Keep the pen drive in place. Do not remove it!!
- When the PC restarts, the tool will run automatically. Click "Continue" and wait...
- When you receive the message "Nettoyage effectue!", press ENTER
- The log will open automatically in Notepad, along with My Computer; close them. The log will also be at C:\UsbFix.txt.

Paste this USBFix log in your next reply, Julinhhu.

- Download ComboFix and save it to the desktop;
NOTE: For the tool to run, it must be on the desktop

● Temporarily disable your antivirus;
● Close all open windows;
● Double-click the ComboFix file;
● Press 1 and then Enter. Wait until the report is generated. The scan takes a while;
● ComboFix "may" restart the PC automatically to complete the removal process.
● When finished, a log will be generated at C:\ComboFix.txt.
Do not click on the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
● To stop or exit ComboFix, press "N".

Paste this ComboFix log, together with the USBFix one, in your next reply.
 
Hello Mr. Wolf, first of all congratulations on the great work in this thread.

My computer apparently shows nothing abnormal, but I was startled by how you find malware and the like in nearly all of the logs here :eek: so here I am posting the HijackThis log, if you could take a look at it :yes:

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:27, on 10/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "D:\Arquivos de Programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F277EA2-FB99-4159-8981-A2C4A1F0BB18}: NameServer = 200.165.132.155 200.165.132.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9573 bytes
gabiru_pesbrasil, welcome to the forum.

Your log is clean, my friend. :thumbs_up


__________________________________________


luisednardo, what is happening with the machine? Nothing abnormal shows up in the HijackThis log.
 
Honestly Wolf, I also didn't notice anything abnormal; it was just a precaution. The client was the one who suspected there was a virus. I still need to talk to him, but in 1 hour I'll post 2 more logs from another person, ok?! Thanks Wolf
 
Ok Wolf, analyze these for me, ok?!

I'll label them as PC1 and PC2, ok?!

PC1 log
Logfile of HijackThis v1.99.1
Scan saved at 21:41:48, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\ARQUIVOS DE PROGRAMAS\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207197850274
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207202295875
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://ferramentas.download.uol.com.br/activeinstall/UOLActiveInstall.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

PC2 log
Logfile of HijackThis v1.99.1
Scan saved at 21:47:26, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acelerador UOL - Unknown owner - C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe" -f "C:\Arquivos de programas\UOL\Acelerador UOL\acelerador.cfg" -Srun (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
 
luisednardo

For PC1, I saw no problem in the log. Is there any issue with this machine?

As for PC2, follow the instructions below.

Go to Control Panel > Add or Remove Programs. Find and uninstall the item ADSTechnology. Then:

Download Malwarebytes Anti-Malware

- Double-click the program to start the installation;
- Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
- Select "Full Scan" and then click Scan. Select your C: drive and click the Start Scan button;
- When the scan finishes, click OK and then "Show Results" to see the log;
- If anything is detected, make sure everything is checked and click "Remove";
- The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
- Copy and paste the contents of that log in your next reply.

And also generate a new HijackThis log and paste it in your reply together with the Malwarebytes one, luisednardo.
 

Ok Wolf,
once again, thank you! I'll do what you asked and tomorrow I'll post the logs!
See you tomorrow, great Wolf.
Good night!
 
All good, my friend Xleon.

I only said that because ComboFix, while it can help by disinfecting your system, can also get in the way by spreading the infection and making it even worse. ComboFix follows its database "to the letter" and only removes code that has already been added to the database. Let's suppose: you have an infection X, and in ComboFix's database the code for this malware is Y. It will turn this infection X into XY. In other words, it makes the situation even worse.
That is a completely wrong thing about the tool, but it is the truth.

That is why I always advise everyone, not just you Xleon, not to use ComboFix without guidance from someone who knows its database. I don't mean only me: in several forums on the web that have a virus removal area, there are professionals as competent and good as I am who also know ComboFix's database perfectly.

Tomorrow I'll be waiting for the SDFix log, Xleon. :thumbs_up

Cheers

Hey man, all good?

No worries, thanks for the information. Honestly, I thought ComboFix was only for removing some malware and producing reports, and I didn't know it could do that kind of damage... hehehe... Thanks for the info!!

Here is the SDFix log
SDFix: Version 1.240
Run by Administrator on Tue 11/11/2008 at 09:09 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 09:23:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000005f
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\keyacc32.exe"="C:\\WINDOWS\\keyacc32.exe:*:Enabled:KeyAccess"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

Files with Hidden Attributes :
Thu 24 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!

Thanks!
 
Julinhhu, kamsoft is a pen drive virus. Disabling it in msconfig is no use; it has to be removed. Follow the instructions below, Julinhhu, inside the spoilers.

- Download USBFix and save it to the desktop;

- Temporarily disable your antivirus;
- Install the program by clicking (Suivant > accept the license > Suivant > Suivant > Démarrer > Quitter);
- Double-click the USBFix icon created on the desktop to run it;
- Insert the pen drive into the PC's USB port and click OK;
- A message will appear saying your computer will be shut down. Wait for it to restart;
- The PC will restart. Keep the pen drive in place. Do not remove it!!
- When the PC restarts, the tool will run automatically. Click "Continue" and wait...
- When you get the message "Nettoyage effectue!", press ENTER
- The log will open automatically in Notepad, along with My Computer; close them. The log will also be at C:\UsbFix.txt.

Paste this USBFix log in your next reply, Julinhhu.
- Download ComboFix and save it to the desktop;
NOTE: For the tool to run, it must be on the desktop

● Temporarily disable your antivirus;
● Close all open windows;
● Double-click the ComboFix file;
● Press 1 and then Enter. Wait until the report is generated. The scan takes a while;
● ComboFix "may" restart the PC automatically to complete the removal process.
● When it finishes, a log will be generated at C:\ComboFix.txt.
Do not click on the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
● To stop or exit ComboFix, press "N".

Paste this ComboFix log, together with the USBFix one, in your next reply.
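As an added example, not part of this thread and not UsbFix's own code: a small Python helper that reads a UsbFix report in the layout the tool writes (French section headers such as "Nettoyage des disques" and "Listing des fichiers présents") and pulls out what a helper checks first: which file each autorun.inf was launching, which deletions failed, which MountPoints2 autorun handlers were removed, and which hidden+system files remain on the drive roots. The report embedded in it is a constructed sample modelled on that layout; the section names and line patterns are assumptions drawn from the report format rather than a published specification, and the small list of legitimate hidden+system boot files is mine.

```python
"""Triage helper for UsbFix-style reports (added example; not UsbFix's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the UsbFix V2.4xx report layout; not a log from a real machine.
SAMPLE_REPORT = r"""
--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db3-a519-11dd-b708-0018f397b4b6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db3-a519-11dd-b708-0018f397b4b6}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [06/11/2008 10:56] C:\WINDOWS\system32\ckvo.exe
C:\autorun.inf ~> fichier appelé : "C:\lky.exe" ( présent ! )
Echec de la supression !! - "C:\lky.exe"
H:\autorun.inf ~> fichier appelé : "H:\lky.exe" ( présent ! )
Echec de la supression !! - "H:\lky.exe"
Supprimé ! - [11/11/2008 13:03] C:\autorun.inf
Supprimé ! - [08/11/2008 14:09] C:\sq.com

--------------- [ Listing des fichiers présents ] ----------------

[12/10/2008 21:12][--a------] C:\AUTOEXEC.BAT
[14/04/2008 10:00][-rahs----] C:\NTDETECT.COM
[11/11/2008 12:38][-r-hs----] C:\lky.exe
[10/11/2008 19:36][-r-hs----] H:\whi.com
[13/08/2008 23:50][-ra------] H:\lky.exe

--------------- ! Fin du rapport ! ----------------
"""

# Line patterns assumed from the report layout (not a published format).
SECTION_RE = re.compile(r"^-+ \[ (?P<name>.+?) \] -+$")
AUTORUN_RE = re.compile(r'^(?P<inf>[A-Z]:\\autorun\.inf) ~> fichier appelé : "(?P<target>[^"]+)"')
FAILED_RE = re.compile(r'^Echec de la supression !! - "(?P<path>[^"]+)"')
DELETED_FILE_RE = re.compile(r"^Supprimé ! - \[(?P<ts>[^\]]+)\] (?P<path>.+)$")
DELETED_KEY_RE = re.compile(r"^Supprimé ! - (?P<key>HKEY_.+)$")
LISTING_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<attrs>[a-z-]+)\] (?P<path>.+)$")

# Legitimate files that are hidden+system on an XP drive root (my own short allow-list).
KNOWN_BOOT_FILES = {"ntdetect.com", "ntldr", "boot.ini", "bootfont.bin", "io.sys", "msdos.sys"}


@dataclass
class Triage:
    autorun_targets: dict = field(default_factory=dict)   # autorun.inf -> file it launched
    deleted_files: list = field(default_factory=list)
    failed_deletions: list = field(default_factory=list)
    mountpoints_removed: list = field(default_factory=list)
    hidden_system_files: list = field(default_factory=list)


def parse_report(text: str) -> Triage:
    """Walk the report section by section and collect the items worth reviewing."""
    t = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "Nettoyage des disques":
            if (m := AUTORUN_RE.match(line)):
                t.autorun_targets[m["inf"]] = m["target"]
            elif (m := FAILED_RE.match(line)):
                t.failed_deletions.append(m["path"])
            elif (m := DELETED_FILE_RE.match(line)):
                t.deleted_files.append(m["path"])
        elif section == "Registre / Mountpoint2":
            if (m := DELETED_KEY_RE.match(line)):
                t.mountpoints_removed.append(m["key"])
        elif section == "Listing des fichiers présents":
            if (m := LISTING_RE.match(line)):
                attrs = m["attrs"]
                if "h" in attrs and "s" in attrs:      # hidden + system attributes set
                    t.hidden_system_files.append(m["path"])
    return t


def follow_up(t: Triage) -> list:
    """Paths that still need manual attention after the UsbFix run: files an
    autorun.inf pointed at whose deletion failed, plus any remaining hidden+system
    file on a drive root that is not a known boot file."""
    targets = set(t.autorun_targets.values())
    pending = [p for p in t.failed_deletions if p in targets]
    for p in t.hidden_system_files:
        name = p.rsplit("\\", 1)[-1].lower()
        if name not in KNOWN_BOOT_FILES and p not in pending:
            pending.append(p)
    return pending


if __name__ == "__main__":
    triage = parse_report(SAMPLE_REPORT)
    for inf, target in triage.autorun_targets.items():
        print(f"{inf} launched {target}")
    print("deletion failed:", triage.failed_deletions)
    print("MountPoints2 handlers removed:", len(triage.mountpoints_removed))
    print("manual follow-up:", follow_up(triage))
```

The point of the `follow_up` list is the one a helper reads off such a report by eye: an executable that an autorun.inf was launching, that survived the cleaning pass, and that still carries the hidden and system attributes on a drive root is the item to deal with next, while the removed MountPoints2 `Shell\AutoRun\command` keys show the per-volume autorun persistence being cleared. The block needs Python 3.8 or later for the `:=` assignments.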

USBFix log

-------------- UsbFix V2.402 ---------------

* User : Julinho - JULINHO
* Outils mis a jours le 10/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 13:07:13 le ter 11/11/2008
* Windows Xp - Internet Explorer 6.0.2900.5512


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\Julinho\CONFIG~1\Temp\1.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Unidade de disco fixo

D: - Unidade de disco fixo

H: - Unidade de disco removível


+- Contenu de l'autorun : C:\autorun.inf



+- Contenu de l'autorun : D:\autorun.inf



+- Contenu de l'autorun : H:\autorun.inf



--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
uTorrent REG_SZ "C:\Arquivos de programas\uTorrent\uTorrent.exe"
RocketDock REG_SZ "C:\Arquivos de programas\RocketDock\RocketDock.exe"

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db3-a519-11dd-b708-0018f397b4b6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db3-a519-11dd-b708-0018f397b4b6}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db3-a519-11dd-b708-0018f397b4b6}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db4-a519-11dd-b708-0018f397b4b6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db4-a519-11dd-b708-0018f397b4b6}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05398db4-a519-11dd-b708-0018f397b4b6}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f09d196-9d92-11dd-b6f9-0018f397b4b6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f09d196-9d92-11dd-b6f9-0018f397b4b6}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f09d196-9d92-11dd-b6f9-0018f397b4b6}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [06/11/2008 10:56] C:\WINDOWS\system32\ckvo.exe
Supprimé ! - [10/11/2008 22:19] C:\WINDOWS\system32\ckvo0.dll
Supprimé ! - [08/11/2008 14:09] C:\WINDOWS\system32\ckvo1.dll
C:\autorun.inf ~> fichier appelé : "C:\lky.exe" ( présent ! )
Echec de la supression !! - "C:\lky.exe"
D:\autorun.inf ~> fichier appelé : "D:\lky.exe" ( présent ! )
Echec de la supression !! - "D:\lky.exe"
H:\autorun.inf ~> fichier appelé : "H:\lky.exe" ( présent ! )
Echec de la supression !! - "H:\lky.exe"
Supprimé ! - [11/11/2008 13:03] C:\autorun.inf
Supprimé ! - [23/10/2008 00:57] C:\2fiji.com
Supprimé ! - [06/11/2008 10:56] C:\nq0cq.cmd
Supprimé ! - [08/11/2008 14:09] C:\sq.com
Supprimé ! - [28/09/2008 12:59] C:\wjlfhtfm.cmd
Supprimé ! - [03/11/2008 13:18] C:\xih9.cmd
Supprimé ! - [23/10/2008 00:57] C:\xlk9.com
Supprimé ! - [11/11/2008 13:03] D:\autorun.inf
Supprimé ! - [23/10/2008 00:57] D:\2fiji.com
Supprimé ! - [06/11/2008 10:56] D:\nq0cq.cmd
Supprimé ! - [08/11/2008 14:09] D:\sq.com
Supprimé ! - [28/09/2008 12:59] D:\wjlfhtfm.cmd
Supprimé ! - [03/11/2008 13:18] D:\xih9.cmd
Supprimé ! - [23/10/2008 00:57] D:\xlk9.com
Supprimé ! - [17/10/2008 14:09] D:\b.exe
Supprimé ! - [11/11/2008 13:03] H:\autorun.inf
Supprimé ! - [16/09/2008 14:43] H:\1u0o8bnq.cmd
Supprimé ! - [20/10/2008 13:18] H:\2fiji.com
Supprimé ! - [13/10/2008 07:34] H:\68.exe
Supprimé ! - [08/10/2008 22:03] H:\n6t1h.cmd
Supprimé ! - [06/11/2008 10:56] H:\nq0cq.cmd
Supprimé ! - [01/10/2008 08:15] H:\otyh.cmd
Supprimé ! - [03/11/2008 13:18] H:\xih9.cmd
Supprimé ! - [02/10/2008 13:24] H:\yew.bat

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[12/10/2008 21:12][--a------] C:\AUTOEXEC.BAT
[14/04/2008 10:00][-rahs----] C:\NTDETECT.COM
[14/04/2008 10:00][-rahs----] C:\whi.com
[11/11/2008 12:38][-r-hs----] C:\lky.exe
[10/11/2008 01:17][-rahs----] C:\boot.ini
[10/11/2008 22:20][-r-hs----] D:\whi.com
[11/11/2008 12:38][-r-hs----] D:\lky.exe
[10/11/2008 19:36][-r-hs----] H:\whi.com
[13/08/2008 23:50][-ra------] H:\ComboFix.exe
[13/08/2008 23:50][-ra------] H:\lky.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf - Dossier autorun.inf crée par UsbFix !
D:\autorun.inf - Dossier autorun.inf crée par UsbFix !
H:\autorun.inf - Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

ComboFix log

ComboFix 08-11-10.01 - Julinho 2008-11-11 13:14:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2220 [GMT -2:00]
Executando de: d:\programas\ComboFix.exe
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))
.

2008-11-11 13:00 . 2008-11-11 13:07 <DIR> d-------- c:\arquivos de programas\UsbFix
2008-11-11 12:39 . 2008-11-11 12:38 109,736 -r-hs---- C:\lky.exe
2008-11-11 12:38 . 2008-11-11 12:38 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-10 14:49 . 2008-11-10 14:49 <DIR> d--hs---- c:\windows\ftpcache
2008-11-10 01:14 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
2008-11-10 00:46 . 2008-11-10 00:46 <DIR> d-------- c:\documents and settings\Julinho\SystemRequirementsLab
2008-11-10 00:46 . 2008-11-10 00:49 <DIR> d-------- c:\arquivos de programas\SystemRequirementsLab
2008-11-09 23:01 . 2008-11-11 12:38 109,736 -r-hs---- c:\windows\system32\kamsoft.exe
2008-11-09 23:01 . 2008-11-10 22:20 108,271 -r-hs---- C:\whi.com
2008-11-09 23:01 . 2008-11-11 12:37 85,504 --------- c:\windows\system32\gasretyw0.dll
2008-11-08 21:22 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-08 21:22 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-08 21:22 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-08 21:22 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-08 21:22 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-08 21:22 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-08 21:22 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-08 17:40 . 2008-11-08 17:40 <DIR> d-------- c:\arquivos de programas\RocketDock
2008-11-06 21:06 . 2008-11-06 21:06 <DIR> d-------- c:\windows\SHELLNEW
2008-11-06 21:06 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-06 21:06 . 2008-11-06 21:06 421 --a------ c:\windows\ODBC.INI
2008-11-06 21:05 . 2008-11-06 21:05 <DIR> d-------- c:\arquivos de programas\Microsoft.NET
2008-11-06 20:52 . 2008-11-06 20:52 <DIR> d-------- c:\documents and settings\Julinho\Contacts
2008-11-04 13:31 . 2008-11-04 13:31 2,910 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-11-04 01:56 . 2008-11-04 01:56 208 --ah----- C:\sqmdata01.sqm
2008-11-04 01:56 . 2008-11-04 01:56 172 --ah----- C:\sqmnoopt01.sqm
2008-11-04 01:55 . 2008-11-04 01:55 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-04 01:55 . 2008-11-04 01:55 268 --ah----- C:\sqmdata00.sqm
2008-11-04 01:55 . 2008-11-04 01:55 244 --ah----- C:\sqmnoopt00.sqm
2008-11-04 01:29 . 2008-11-04 01:54 <DIR> d-------- c:\arquivos de programas\Windows Live
2008-11-04 01:26 . 2008-11-04 01:54 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-11-04 01:25 . 2008-11-04 01:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2008-11-02 23:33 . 2008-11-03 01:26 <DIR> d-------- c:\arquivos de programas\MoorHunt
2008-11-02 14:01 . 2008-11-02 14:01 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Nero
2008-10-30 12:56 . 2005-01-14 02:41 11,254 --a------ c:\windows\system32\locate.com
2008-10-29 22:34 . 2008-10-29 22:34 <DIR> d-------- c:\windows\system32\xlive
2008-10-29 20:59 . 2008-10-29 20:59 <DIR> d-------- c:\arquivos de programas\Trend Micro
2008-10-29 18:27 . 2008-10-29 18:27 <DIR> d-------- c:\arquivos de programas\RivaTuner v2.10
2008-10-29 17:02 . 2008-10-29 20:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira
2008-10-29 13:08 . 2008-10-31 07:39 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-29 00:16 . 2008-10-29 12:39 454 --a------ C:\autorun.MSNFix
2008-10-29 00:15 . 2008-10-29 12:42 105,339 --a------ c:\windows\system32\ckvo.MSNFix
2008-10-29 00:15 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-10-28 16:19 . 2008-10-28 16:19 <DIR> d-------- c:\documents and settings\Julinho\Shaders
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- c:\windows\Sun
2008-10-25 18:44 . 2008-10-25 18:44 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Ubisoft
2008-10-25 13:45 . 2008-10-25 13:45 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-20 23:57 . 2008-10-20 23:57 <DIR> d-------- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2008-10-18 18:54 . 2008-10-18 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\KONAMI
2008-10-16 23:55 . 2008-11-10 19:43 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-10-16 23:55 . 2008-11-10 15:05 22,328 --a------ c:\documents and settings\Julinho\Dados de aplicativos\PnkBstrK.sys
2008-10-16 23:54 . 2008-11-10 15:04 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-10-16 23:54 . 2008-11-10 19:43 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-10-16 23:54 . 2008-11-10 15:04 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-10-16 23:06 . 2008-11-02 02:10 <DIR> d-------- c:\arquivos de programas\Valve
2008-10-16 21:44 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-10-16 21:44 . 2008-04-13 12:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-10-16 21:39 . 2008-10-16 21:39 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Codemasters
2008-10-16 16:17 . 2008-10-16 16:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2008-10-16 15:27 . 2008-04-13 12:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-16 13:50 . 2008-10-16 13:50 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-16 13:50 . 2008-10-16 13:50 <DIR> d-------- c:\arquivos de programas\AGEIA Technologies
2008-10-16 13:49 . 2008-10-20 23:57 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-10-16 13:49 . 2008-10-07 14:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-10-16 13:49 . 2008-10-07 14:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-16 13:49 . 2008-10-07 14:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-10-16 01:20 . 2008-10-16 23:57 <DIR> d-------- c:\arquivos de programas\GameVicio
2008-10-16 01:16 . 2008-10-16 01:16 <DIR> d-------- c:\arquivos de programas\OpenAL
2008-10-16 01:16 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpFF.tmp
2008-10-16 01:16 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpFE.tmp
2008-10-16 01:16 . 2008-10-16 01:16 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-10-16 01:16 . 2008-10-16 01:16 109,080 --a------ c:\windows\system32\OpenAL32.dll
2008-10-16 00:17 . 2008-11-10 15:04 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information
2008-10-15 23:54 . 2008-11-10 18:45 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP
2008-10-15 23:25 . 2008-11-09 16:23 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Bioshock
2008-10-15 22:47 . 2008-10-15 22:47 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Ashampoo
2008-10-15 22:40 . 2008-10-28 16:04 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\InstallShield Installation Information
2008-10-15 22:40 . 2008-10-15 22:40 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\InstallShield
2008-10-14 19:07 . 2008-11-10 19:29 <DIR> dr------- C:\Musicas
2008-10-14 13:19 . 2008-10-14 13:19 <DIR> d-------- C:\temp
2008-10-14 00:52 . 2008-10-14 00:52 <DIR> d-------- C:\Program Files
2008-10-13 01:54 . 2008-10-13 01:54 <DIR> d-------- c:\arquivos de programas\Java
2008-10-13 01:54 . 2008-06-10 03:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-13 01:41 . 2008-10-13 01:41 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java
2008-10-13 00:53 . 2007-03-07 21:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-10-13 00:53 . 2007-03-07 21:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2008-10-13 00:53 . 2007-03-07 21:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-10-13 00:53 . 2007-03-07 21:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-10-13 00:52 . 2008-10-13 00:54 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Winamp
2008-10-13 00:52 . 2008-10-13 00:54 <DIR> d-------- c:\arquivos de programas\Winamp
2008-10-12 23:47 . 2008-11-10 14:37 69 --a------ c:\windows\NeroDigital.ini
2008-10-12 23:46 . 2008-10-12 23:46 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Media Player Classic
2008-10-12 23:36 . 2008-11-11 13:19 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\uTorrent
2008-10-12 23:36 . 2008-10-12 23:36 <DIR> d-------- c:\arquivos de programas\uTorrent
2008-10-12 23:36 . 2007-07-30 20:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-10-12 23:36 . 2007-07-30 20:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui
2008-10-12 23:36 . 2007-07-30 20:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-10-12 23:36 . 2007-07-30 20:20 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-10-12 23:36 . 2007-07-30 20:18 20,824 --a------ c:\windows\system32\wuaueng.dll.mui
2008-10-12 23:35 . 2008-11-10 01:14 <DIR> d-------- C:\NVIDIA
2008-10-12 23:35 . 2008-11-04 13:31 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield
2008-10-12 23:35 . 2008-08-20 18:35 453,152 --a------ c:\windows\system32\nvusmb.exe
2008-10-12 23:35 . 2008-10-02 11:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-12 23:35 . 2008-08-19 11:41 2,344 --a------ c:\windows\system32\nvsmb.nvu
2008-10-12 23:29 . 2008-10-12 23:29 <DIR> d---s---- c:\documents and settings\Julinho\UserData
2008-10-12 23:28 . 2008-10-12 23:35 <DIR> d-------- c:\arquivos de programas\LimeWire
2008-10-12 23:28 . 2008-10-12 23:28 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack
2008-10-12 23:05 . 2008-10-12 23:05 <DIR> d-------- c:\arquivos de programas\Foxit Software
2008-10-12 23:03 . 2008-10-12 23:03 0 --a------ c:\windows\nsreg.dat
2008-10-12 23:02 . 2008-10-12 23:02 <DIR> d-------- c:\windows\Logs
2008-10-12 23:02 . 2008-11-06 23:33 <DIR> d-------- c:\arquivos de programas\DreaMule
2008-10-12 23:01 . 2008-10-12 23:01 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2
2008-10-12 23:01 . 2008-10-12 23:01 <DIR> d-------- c:\arquivos de programas\CCleaner
2008-10-12 23:00 . 2008-10-16 23:54 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-12 23:00 . 2008-10-12 23:00 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-12 23:00 . 2006-09-25 18:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-10-12 22:59 . 2008-10-12 22:59 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite
2008-10-12 22:56 . 2008-10-12 21:09 <DIR> d--h----- c:\documents and settings\Administrador\Modelos
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d-------- c:\documents and settings\Administrador\Meus documentos
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> dr------- c:\documents and settings\Administrador\Menu Iniciar
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d-------- c:\documents and settings\Administrador\Favoritos
2008-10-12 22:56 . 2008-10-30 19:30 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos
2008-10-12 22:56 . 2008-10-25 14:37 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de impressão

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 00:51 361,344 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-10-12 23:19 --------- d-----w c:\arquivos de programas\Driver-Soft
2008-10-12 23:13 --------- d-----w c:\arquivos de programas\microsoft frontpage
2008-10-12 23:11 --------- d-----w c:\arquivos de programas\Serviços on-line
2008-10-12 23:11 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2008-10-02 22:50 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-04 12:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 11:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-08-20 20:35 122,880 ----a-w c:\windows\system32\NVCOSMB.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-10-25_14.37.09,32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-06 23:06:01 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
- 2008-10-25 15:44:08 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-11-08 23:22:08 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-10-25 15:44:08 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-11-08 23:22:08 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-10-25 15:44:08 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-11-08 23:22:08 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-10-25 15:44:05 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:03 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:06 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:04 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:06 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:05 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:06 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:05 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:07 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:05 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:07 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:06 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:07 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:06 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:07 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:07 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:07 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:07 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:08 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 23:22:09 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-25 15:44:09 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-11-08 23:22:09 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-10-25 15:44:09 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-11-08 23:22:09 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-10-25 15:44:09 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-11-08 23:22:09 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-10-25 15:44:09 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-11-08 23:22:10 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-10-25 15:44:08 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-11-08 23:22:08 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-11-06 23:06:01 64,088 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-11-06 23:06:01 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-11-06 23:06:01 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-11-06 23:06:01 223,800 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-11-06 23:06:02 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-11-04 15:30:27 15,086 ----a-r c:\windows\Installer\{4D87DC92-C328-46EC-A7B4-9C88129DC696}\DS_48.exe
+ 2008-11-04 15:30:28 4,374,792 ----a-r c:\windows\Installer\{4D87DC92-C328-46EC-A7B4-9C88129DC696}\EAregister.exe
+ 2008-10-30 00:52:55 136,914 ----a-r c:\windows\Installer\{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}\ARPPRODUCTICON.exe
+ 2008-10-30 00:52:55 176,128 ----a-r c:\windows\Installer\{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}\LPCLauncher.exe_6FCFA783CE7B4018AC480E6EEAAEA322.exe
+ 2008-10-30 00:52:55 176,128 ----a-r c:\windows\Installer\{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}\LPCLauncher.exe1_6FCFA783CE7B4018AC480E6EEAAEA322.exe
+ 2008-11-04 03:54:44 29,926 ----a-r c:\windows\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe
+ 2008-11-06 23:06:36 593,920 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-06 23:06:36 12,288 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-06 23:06:36 86,016 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-06 23:06:36 135,168 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-06 23:06:36 11,264 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-06 23:06:36 27,136 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-06 23:06:36 4,096 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-06 23:06:36 794,624 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-06 23:06:36 249,856 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-06 23:06:36 61,440 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-06 23:06:36 23,040 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-06 23:06:36 286,720 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-06 23:06:36 409,600 ----a-r c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-28 18:04:40 25,214 ----a-r c:\windows\Installer\{A724605D-B399-4304-B8C7-33B3EF7D4677}\ARPPRODUCTICON.exe
+ 2008-10-28 18:04:40 25,214 ----a-r c:\windows\Installer\{A724605D-B399-4304-B8C7-33B3EF7D4677}\Shortcut_Bully_EFI_A786D89EB9F04DED932F18E487236621.exe
+ 2008-11-10 17:04:38 11,502 ----a-r c:\windows\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe
+ 2008-08-18 20:54:00 145,952 ----a-w c:\windows\system32\drivers\nvgts.sys
+ 2003-08-03 20:56:16 1,146,184 ----a-w c:\windows\system32\FM20.DLL
+ 2003-08-18 13:47:42 41,616 ----a-w c:\windows\system32\FM20PTB.DLL
+ 2001-01-23 03:05:06 28,944 ----a-w c:\windows\system32\FM20PTG.DLL
- 2008-10-12 23:16:16 91,088 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-07 14:22:22 110,992 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2002-08-21 07:10:16 204,800 ----a-w c:\windows\system32\INKED.DLL
+ 2008-03-20 20:06:36 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-03-25 02:32:44 218,496 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-11-04 15:31:17 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 1999-05-10 20:08:20 57,344 ----a-w c:\windows\system32\MFC42PTB.DLL
+ 1999-05-18 17:16:48 7,680 ----a-w c:\windows\system32\MSPRPPTB.DLL
+ 2000-05-11 15:06:20 397,312 ----a-w c:\windows\system32\MSRDO20.DLL
+ 2000-05-24 08:45:58 118,784 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 1998-08-09 21:07:34 94,208 ----a-w c:\windows\system32\MSSTKPRP.DLL
+ 2007-07-30 21:18:34 207,736 ----a-w c:\windows\system32\muweb.dll
+ 2008-08-18 20:54:00 372,256 ----a-w c:\windows\system32\nvraidco.dll
+ 2008-08-18 20:54:00 372,256 ----a-w c:\windows\system32\nvraiins.dll
+ 2008-08-18 20:54:00 15,904 ----a-w c:\windows\system32\NvRCoAr.dll
+ 2008-08-18 20:54:00 15,904 ----a-w c:\windows\system32\NvRCoCs.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoDa.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoDe.dll
+ 2008-08-18 20:54:00 16,928 ----a-w c:\windows\system32\NvRCoEl.dll
+ 2008-08-18 20:54:00 15,904 ----a-w c:\windows\system32\NvRCoEng.dll
+ 2008-08-18 20:54:00 15,904 ----a-w c:\windows\system32\NvRCoENU.dll
+ 2008-08-18 20:54:00 16,928 ----a-w c:\windows\system32\NvRCoEs.dll
+ 2008-08-18 20:54:00 16,928 ----a-w c:\windows\system32\NvRCoEsm.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoFi.dll
+ 2008-08-18 20:54:00 16,928 ----a-w c:\windows\system32\NvRCoFr.dll
+ 2008-08-18 20:54:00 15,392 ----a-w c:\windows\system32\NvRCoHe.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoHu.dll
+ 2008-08-18 20:54:00 16,928 ----a-w c:\windows\system32\NvRCoIt.dll
+ 2008-08-18 20:54:00 14,880 ----a-w c:\windows\system32\NvRCoJa.dll
+ 2008-08-18 20:54:00 14,368 ----a-w c:\windows\system32\NvRCoKo.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoNl.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoNo.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoPl.dll
+ 2008-08-18 20:54:00 16,928 ----a-w c:\windows\system32\NvRCoPt.dll
+ 2008-08-18 20:54:00 16,928 ----a-w c:\windows\system32\NvRCoPtb.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoRu.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoSk.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoSl.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoSv.dll
+ 2008-08-18 20:54:00 15,904 ----a-w c:\windows\system32\NvRCoTh.dll
+ 2008-08-18 20:54:00 16,416 ----a-w c:\windows\system32\NvRCoTr.dll
+ 2008-08-18 20:54:00 13,856 ----a-w c:\windows\system32\NvRCoZhc.dll
+ 2008-08-18 20:54:00 13,856 ----a-w c:\windows\system32\NvRCoZht.dll
+ 2000-04-03 19:52:54 151,552 ----a-w c:\windows\system32\RDOCURS.DLL
+ 2008-04-14 12:00:00 96,512 ----a-w c:\windows\system32\ReinstallBackups\0077\DriverFiles\i386\atapi.sys
+ 2008-04-14 12:00:00 3,456 ----a-w c:\windows\system32\ReinstallBackups\0077\DriverFiles\i386\pciide.sys
+ 2008-04-14 12:00:00 24,960 ----a-w c:\windows\system32\ReinstallBackups\0077\DriverFiles\i386\pciidex.sys
+ 2008-04-14 12:00:00 96,512 ----a-w c:\windows\system32\ReinstallBackups\0078\DriverFiles\i386\atapi.sys
+ 2008-04-14 12:00:00 3,456 ----a-w c:\windows\system32\ReinstallBackups\0078\DriverFiles\i386\pciide.sys
+ 2008-04-14 12:00:00 24,960 ----a-w c:\windows\system32\ReinstallBackups\0078\DriverFiles\i386\pciidex.sys
+ 1998-03-25 07:54:08 15,872 ----a-w c:\windows\system32\SCP32.DLL
+ 2007-10-18 13:31:46 51,224 ----a-w c:\windows\system32\sirenacm.dll
- 2006-09-25 20:58:48 14,640 ------w c:\windows\system32\spmsg.dll
+ 2008-03-20 16:41:20 14,640 ------w c:\windows\system32\spmsg.dll
+ 2003-06-19 03:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2003-06-19 03:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2003-06-19 03:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2003-06-19 03:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2003-06-19 03:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 1999-11-25 04:40:50 40,960 ----a-w c:\windows\system32\VBAME.DLL
+ 2002-08-21 07:13:12 189,952 ----a-w c:\windows\system32\WISPTIS.EXE
- 2007-08-07 22:22:14 8,607,552 ----a-w c:\windows\system32\xlive.dll
+ 2007-11-26 23:56:20 10,155,840 ----a-w c:\windows\system32\xlive.dll
+ 2007-09-18 17:01:02 134,144 ----a-w c:\windows\system32\xlive\sqmapi.dll
- 2007-08-07 22:22:16 13,653,824 ----a-w c:\windows\system32\xlivefnt.dll
+ 2007-11-26 23:56:20 13,653,824 ----a-w c:\windows\system32\xlivefnt.dll
+ 2006-06-05 16:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 16:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 16:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2008-10-12 219952]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^Julinho^Menu Iniciar^Programas^Inicializar^Debugger.exe.lnk]
path=c:\documents and settings\Julinho\Menu Iniciar\Programas\Inicializar\Debugger.exe.lnk
backup=c:\windows\pss\Debugger.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 10:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 13:02 490952 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]
-r-hs---- 2008-11-11 12:38 109736 c:\windows\system32\kamsoft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 14:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 14:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2006-12-18 22:34 868352 c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 05:27 144784 c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 14:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"d:\\Jogos\\Race Driver GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Jogos\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"d:\\Jogos\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"d:\\Jogos\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"d:\\Programas\\Vdownloader\\VDownloader.exe"=
"d:\\Jogos\\Lost Planet Colonies\\LostPlanetColoniesDX9.exe"=
"d:\\Jogos\\Lost Planet Colonies\\LostPlanetColoniesDX10.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Jogos\\Dead Space\\Dead Space.exe"=
"d:\\Jogos\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Jogos\\Call of Duty - World at War\\CoDWaW.exe"=

R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
.
.
------- Scan Suplementar -------
.
FireFox -: Profile - c:\documents and settings\Julinho\Dados de aplicativos\Mozilla\Firefox\Profiles\rl9r1z6a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 13:19:32
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-11-11 13:20:55 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-11-11 15:20:52
ComboFix2.txt 2008-10-25 16:37:26

Pré-execução: 231.514.112 bytes disponíveis
Pós execução: 178,839,552 bytes disponíveis


:wave:
 
Julinhhu, delete the USBFix program. Also delete the folder C:\Qoobox and the file C:\ComboFix.txt.

Select and copy all the content below inside the QUOTE (starting from File through to the end). Paste the copied content into Notepad on your PC and save it on the desktop with the name CFScript.txt

File::
C:\lky.exe
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
C:\whi.com
c:\windows\system32\gasretyw0.dll
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\autorun.MSNFix
c:\windows\system32\ckvo.MSNFix

Folder::
c:\arquivos de programas\UsbFix
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
C:\temp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]

Drag the CFScript onto ComboFix as shown in the image below:

CFScript.gif


ComboFix will run by itself; wait. If prompted, press "Enter" to start the removal process;

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a new log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, restart it manually.

In your next reply, Julinhhu, paste ComboFix.txt and a new HijackThis log.
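The entries the CFScript above targets were picked out by eye from the "Pontos de Carregamento do Registro" section of the ComboFix log earlier in the thread: an autostart file carrying hidden/system attributes and the Security Center notification switches set to 1. The following Python triage script is an added example, not part of this thread or of ComboFix; its sample input is a constructed subset of that log, and the attribute-string layout it parses is assumed from the way ComboFix prints msconfig entries there.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the "Pontos de Carregamento do Registro"
# section of the ComboFix log posted in this thread (paths and values copied
# from it, unrelated keys dropped).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2008-10-12 219952]

[HKLM\~\startupfolder\C:^Documents and Settings^Julinho^Menu Iniciar^Programas^Inicializar^Debugger.exe.lnk]
path=c:\documents and settings\Julinho\Menu Iniciar\Programas\Inicializar\Debugger.exe.lnk
backup=c:\windows\pss\Debugger.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 10:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]
-r-hs---- 2008-11-11 12:38 109736 c:\windows\system32\kamsoft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

# A registry key header: [HKEY_...\path]
KEY_RE = re.compile(r"^\[(.+)\]$")
# An msconfig/startupreg item as ComboFix prints it (assumed layout, taken
# from the log above): <attrs> <yyyy-mm-dd> <hh:mm> <size> <path>
ATTR_RE = re.compile(
    r"^([-a-z]{9})\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(\d+)\s+(.+)$"
)
# A REGEDIT4-style DWORD value: "Name"=dword:00000001
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

SECURITY_CENTER_OFF = "Security Center notification disabled"
STARTUP_FOLDER_ITEM = "startup-folder item recorded by msconfig"


@dataclass(frozen=True)
class Finding:
    key: str     # registry key the line was listed under
    item: str    # file path or value name
    reason: str  # why a defender should look at it


def triage_load_points(log_text: str) -> list[Finding]:
    """Walk the load-points section and return entries worth a second look.

    Legitimate entries are not reported, so an empty list means the section
    showed nothing that this (deliberately narrow) triage recognises.
    """
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue

        m = ATTR_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(3)
            # ComboFix's attribute string carries 'h' (hidden) and 's' (system);
            # an autostart executable with either set is unusual for user software.
            if "h" in attrs or "s" in attrs:
                findings.append(
                    Finding(key, path, f"hidden/system attributes ({attrs})")
                )
            continue

        if "\\startupfolder\\" in key and line.startswith("path="):
            # Shortcut from the Startup folder that msconfig has parked in
            # c:\windows\pss; worth checking what the shortcut launches.
            findings.append(Finding(key, line[len("path="):], STARTUP_FOLDER_ITEM))
            continue

        m = DWORD_RE.match(line)
        if m and key.lower().endswith("security center"):
            name, value = m.group(1), int(m.group(2), 16)
            # *DisableNotify=1 silences the Security Center warning for that
            # component; malware sets these to hide a disabled AV or updates.
            if name.endswith("DisableNotify") and value != 0:
                findings.append(Finding(key, name, SECURITY_CENTER_OFF))

    return findings


if __name__ == "__main__":
    for f in triage_load_points(SAMPLE_LOG):
        print(f"{f.reason:45} {f.item}")
```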
 
Hey man, all good?

No problem, thanks for the info. Honestly, I thought ComboFix was only for removing some malware and producing reports, and I didn't know it could do that kind of damage... hehehe... Thanks for the info!!

Here is the SD log
SDFix: Version 1.240
Run by Administrator on Tue 11/11/2008 at 09:09 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 09:23:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000005f
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\keyacc32.exe"="C:\\WINDOWS\\keyacc32.exe:*:Enabled:KeyAccess"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

Files with Hidden Attributes :
Thu 24 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!

Thanks
Xleon, delete the C:\SDFix folder and the program.

Please post a new HijackThis log, Xleon.
 

ComboFix log

ComboFix 08-11-10.01 - Julinho 2008-11-11 13:58:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2107 [GMT -2:00]
Executando de: d:\programas\ComboFix.exe
Comandos utilizados :: d:\programas\CFScript.txt.txt
* Criado um novo ponto de restauro

FILE ::
C:\autorun.MSNFix
C:\lky.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\whi.com
c:\windows\system32\ckvo.MSNFix
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\UsbFix
c:\arquivos de programas\UsbFix\tmp.reg
C:\autorun.MSNFix
C:\lky.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\temp
C:\whi.com
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP\WiseCustomCalla.dll
c:\windows\system32\ckvo.MSNFix
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))
.

2008-11-10 14:49 . 2008-11-10 14:49 <DIR> d--hs---- c:\windows\ftpcache
2008-11-10 01:14 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
2008-11-10 00:46 . 2008-11-10 00:46 <DIR> d-------- c:\documents and settings\Julinho\SystemRequirementsLab
2008-11-10 00:46 . 2008-11-10 00:49 <DIR> d-------- c:\arquivos de programas\SystemRequirementsLab
2008-11-08 21:22 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-08 21:22 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-08 21:22 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-08 21:22 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-08 21:22 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-08 21:22 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-08 21:22 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-08 17:40 . 2008-11-08 17:40 <DIR> d-------- c:\arquivos de programas\RocketDock
2008-11-06 21:06 . 2008-11-06 21:06 <DIR> d-------- c:\windows\SHELLNEW
2008-11-06 21:06 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-06 21:06 . 2008-11-06 21:06 421 --a------ c:\windows\ODBC.INI
2008-11-06 21:05 . 2008-11-06 21:05 <DIR> d-------- c:\arquivos de programas\Microsoft.NET
2008-11-06 20:52 . 2008-11-06 20:52 <DIR> d-------- c:\documents and settings\Julinho\Contacts
2008-11-04 13:31 . 2008-11-04 13:31 2,910 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-11-04 01:55 . 2008-11-04 01:55 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-04 01:29 . 2008-11-04 01:54 <DIR> d-------- c:\arquivos de programas\Windows Live
2008-11-04 01:26 . 2008-11-04 01:54 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-11-04 01:25 . 2008-11-04 01:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2008-11-02 23:33 . 2008-11-03 01:26 <DIR> d-------- c:\arquivos de programas\MoorHunt
2008-11-02 14:01 . 2008-11-02 14:01 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Nero
2008-10-30 12:56 . 2005-01-14 02:41 11,254 --a------ c:\windows\system32\locate.com
2008-10-29 22:34 . 2008-10-29 22:34 <DIR> d-------- c:\windows\system32\xlive
2008-10-29 20:59 . 2008-10-29 20:59 <DIR> d-------- c:\arquivos de programas\Trend Micro
2008-10-29 18:27 . 2008-10-29 18:27 <DIR> d-------- c:\arquivos de programas\RivaTuner v2.10
2008-10-29 17:02 . 2008-10-29 20:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira
2008-10-29 13:08 . 2008-10-31 07:39 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-29 00:15 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-10-28 16:19 . 2008-10-28 16:19 <DIR> d-------- c:\documents and settings\Julinho\Shaders
2008-10-25 18:46 . 2008-10-25 18:46 <DIR> d-------- c:\windows\Sun
2008-10-25 18:44 . 2008-10-25 18:44 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Ubisoft
2008-10-25 13:45 . 2008-10-25 13:45 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-18 18:54 . 2008-10-18 18:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\KONAMI
2008-10-16 23:55 . 2008-11-11 13:53 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-10-16 23:55 . 2008-11-10 15:05 22,328 --a------ c:\documents and settings\Julinho\Dados de aplicativos\PnkBstrK.sys
2008-10-16 23:54 . 2008-11-10 15:04 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-10-16 23:54 . 2008-11-11 13:53 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-10-16 23:54 . 2008-11-10 15:04 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-10-16 23:06 . 2008-11-02 02:10 <DIR> d-------- c:\arquivos de programas\Valve
2008-10-16 21:44 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-10-16 21:44 . 2008-04-13 12:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-10-16 21:39 . 2008-10-16 21:39 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Codemasters
2008-10-16 16:17 . 2008-10-16 16:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2008-10-16 15:27 . 2008-04-13 12:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-16 13:50 . 2008-10-16 13:50 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-16 13:50 . 2008-10-16 13:50 <DIR> d-------- c:\arquivos de programas\AGEIA Technologies
2008-10-16 13:49 . 2008-10-20 23:57 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-10-16 13:49 . 2008-10-07 14:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-10-16 13:49 . 2008-10-07 14:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-16 13:49 . 2008-10-07 14:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-10-16 01:20 . 2008-11-11 13:33 <DIR> d-------- c:\arquivos de programas\GameVicio
2008-10-16 01:16 . 2008-10-16 01:16 <DIR> d-------- c:\arquivos de programas\OpenAL
2008-10-16 01:16 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpFF.tmp
2008-10-16 01:16 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmpFE.tmp
2008-10-16 01:16 . 2008-10-16 01:16 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-10-16 01:16 . 2008-10-16 01:16 109,080 --a------ c:\windows\system32\OpenAL32.dll
2008-10-16 00:17 . 2008-11-10 15:04 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information
2008-10-15 23:54 . 2008-11-10 18:45 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP
2008-10-15 23:25 . 2008-11-09 16:23 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Bioshock
2008-10-15 22:47 . 2008-10-15 22:47 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Ashampoo
2008-10-15 22:40 . 2008-10-28 16:04 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\InstallShield Installation Information
2008-10-15 22:40 . 2008-10-15 22:40 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\InstallShield
2008-10-14 19:07 . 2008-11-10 19:29 <DIR> dr------- C:\Musicas
2008-10-14 00:52 . 2008-10-14 00:52 <DIR> d-------- C:\Program Files
2008-10-13 01:54 . 2008-10-13 01:54 <DIR> d-------- c:\arquivos de programas\Java
2008-10-13 01:54 . 2008-06-10 03:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-13 01:41 . 2008-10-13 01:41 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java
2008-10-13 00:53 . 2007-03-07 21:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-10-13 00:53 . 2007-03-07 21:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2008-10-13 00:53 . 2007-03-07 21:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-10-13 00:53 . 2007-03-07 21:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-10-13 00:52 . 2008-10-13 00:54 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Winamp
2008-10-13 00:52 . 2008-10-13 00:54 <DIR> d-------- c:\arquivos de programas\Winamp
2008-10-12 23:47 . 2008-11-10 14:37 69 --a------ c:\windows\NeroDigital.ini
2008-10-12 23:46 . 2008-10-12 23:46 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\Media Player Classic
2008-10-12 23:36 . 2008-11-11 13:57 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\uTorrent
2008-10-12 23:36 . 2008-10-12 23:36 <DIR> d-------- c:\arquivos de programas\uTorrent
2008-10-12 23:36 . 2007-07-30 20:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-10-12 23:36 . 2007-07-30 20:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui
2008-10-12 23:36 . 2007-07-30 20:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-10-12 23:36 . 2007-07-30 20:20 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-10-12 23:36 . 2007-07-30 20:18 20,824 --a------ c:\windows\system32\wuaueng.dll.mui
2008-10-12 23:35 . 2008-11-10 01:14 <DIR> d-------- C:\NVIDIA
2008-10-12 23:35 . 2008-11-04 13:31 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield
2008-10-12 23:35 . 2008-08-20 18:35 453,152 --a------ c:\windows\system32\nvusmb.exe
2008-10-12 23:35 . 2008-10-02 11:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-12 23:35 . 2008-08-19 11:41 2,344 --a------ c:\windows\system32\nvsmb.nvu
2008-10-12 23:29 . 2008-10-12 23:29 <DIR> d---s---- c:\documents and settings\Julinho\UserData
2008-10-12 23:28 . 2008-10-12 23:35 <DIR> d-------- c:\arquivos de programas\LimeWire
2008-10-12 23:28 . 2008-10-12 23:28 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack
2008-10-12 23:05 . 2008-10-12 23:05 <DIR> d-------- c:\arquivos de programas\Foxit Software
2008-10-12 23:03 . 2008-10-12 23:03 0 --a------ c:\windows\nsreg.dat
2008-10-12 23:02 . 2008-10-12 23:02 <DIR> d-------- c:\windows\Logs
2008-10-12 23:02 . 2008-11-06 23:33 <DIR> d-------- c:\arquivos de programas\DreaMule
2008-10-12 23:01 . 2008-10-12 23:01 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2
2008-10-12 23:01 . 2008-10-12 23:01 <DIR> d-------- c:\arquivos de programas\CCleaner
2008-10-12 23:00 . 2008-10-16 23:54 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-12 23:00 . 2008-10-12 23:00 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-12 23:00 . 2006-09-25 18:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-10-12 22:59 . 2008-10-12 22:59 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite
2008-10-12 22:56 . 2008-10-12 21:09 <DIR> d--h----- c:\documents and settings\Administrador\Modelos
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d-------- c:\documents and settings\Administrador\Meus documentos
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> dr------- c:\documents and settings\Administrador\Menu Iniciar
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d-------- c:\documents and settings\Administrador\Favoritos
2008-10-12 22:56 . 2008-10-30 19:30 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos
2008-10-12 22:56 . 2008-10-25 14:37 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede
2008-10-12 22:56 . 2008-10-12 18:04 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de impressão
2008-10-12 22:55 . 2008-10-29 12:48 <DIR> d-------- c:\documents and settings\Administrador
2008-10-12 22:54 . 2008-10-12 22:54 <DIR> d-------- c:\documents and settings\Julinho\Dados de aplicativos\DAEMON Tools
2008-10-12 22:54 . 2008-10-12 22:54 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-12 22:52 . 2008-10-12 22:52 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nero
2008-10-12 22:52 . 2008-10-12 22:52 <DIR> d-------- c:\arquivos de programas\UltraISO
2008-10-12 22:52 . 2008-10-12 22:52 <DIR> d-------- c:\arquivos de programas\Nero
2008-10-12 22:52 . 2008-10-12 22:52 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nero
2008-10-12 22:52 . 2008-10-12 22:52 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\EZB Systems
2008-10-12 22:52 . 2006-03-17 13:45 1,757,184 --a------ c:\windows\system32\imagX7.dll
2008-10-12 22:52 . 2006-03-17 13:45 802,816 --a------ c:\windows\system32\imagXRA7.dll
2008-10-12 22:52 . 2006-03-17 13:45 497,296 --a------ c:\windows\system32\imagXpr7.dll
2008-10-12 22:52 . 2006-03-17 16:49 368,640 --a------ c:\windows\system32\TwnLib4.dll
2008-10-12 22:52 . 2006-03-17 13:45 258,048 --a------ c:\windows\system32\imagXR7.dll
2008-10-12 22:51 . 2008-10-12 22:51 361,344 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 00:51 361,344 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-10-12 23:19 --------- d-----w c:\arquivos de programas\Driver-Soft
2008-10-12 23:13 --------- d-----w c:\arquivos de programas\microsoft frontpage
2008-10-12 23:11 --------- d-----w c:\arquivos de programas\Serviços on-line
2008-10-12 23:11 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2008-10-02 22:50 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-04 12:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 11:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-08-20 20:35 122,880 ----a-w c:\windows\system32\NVCOSMB.DLL
.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2008-10-12 219952]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^Julinho^Menu Iniciar^Programas^Inicializar^Debugger.exe.lnk]
path=c:\documents and settings\Julinho\Menu Iniciar\Programas\Inicializar\Debugger.exe.lnk
backup=c:\windows\pss\Debugger.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 10:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 13:02 490952 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 14:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 14:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2006-12-18 22:34 868352 c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 05:27 144784 c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 14:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"d:\\Jogos\\Race Driver GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Jogos\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"d:\\Jogos\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"d:\\Jogos\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"d:\\Programas\\Vdownloader\\VDownloader.exe"=
"d:\\Jogos\\Lost Planet Colonies\\LostPlanetColoniesDX9.exe"=
"d:\\Jogos\\Lost Planet Colonies\\LostPlanetColoniesDX10.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Jogos\\Dead Space\\Dead Space.exe"=
"d:\\Jogos\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Jogos\\Call of Duty - World at War\\CoDWaW.exe"=

R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-kamsoft - c:\windows\system32\kamsoft.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 13:59:19
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-11 13:59:56
ComboFix-quarantined-files.txt 2008-11-11 15:59:47

Pre-Run: 151,269,376 bytes free
Post-Run: 142,540,800 bytes free


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:27, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1223861381875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226069893859
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACC66AB7-7D61-4F66-8740-31FB4C07457C}: NameServer = 201.10.120.3,201.10.1.2
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 3176 bytes
 
Julinhhu, delete the folders C:\Qoobox and C:\ComboFix and the file C:\ComboFix.txt.
Go to Start > Run, type: combofix /u and press Enter to remove the tool.

The logs are clean, Julinhhu. :)

Is there still any problem with the machine?
 
hey wolf...


a somewhat off-topic question...

do you recommend installing Service Pack 3?...
my XP has everything installed and up to date...
the only thing I haven't downloaded is that one...
because I've been using it for a while now...
and they say the best thing is to format... and install everything from scratch...

cheers...
 
I definitely do recommend installing SP3, hotsauce2007. The more up to date the system is, the more secure it will be. And SP3 is great. Go ahead and install it.

because I've been using it for a while now...
and they say the best thing is to format... and install everything from scratch...
That has nothing to do with it. You can install it without worry.
 
Julinhhu, delete the folders C:\Qoobox and C:\ComboFix and the file C:\ComboFix.txt.
Go to Start > Run, type: combofix /u and press Enter to remove the tool.

The logs are clean, Julinhhu. :)

Is there still any problem with the machine?

For now everything is normal; if I need to, I'll post again.

Thanks for the help!
 
LONG TIME NO SEE, MISTER WOLF!!

My friend, I'm back here to ask for your help, because my PC is not shutting down properly. I usually shut it down by pressing the "Power" key on the keyboard. After that, everything disappears from the screen, leaving ONLY the wallpaper image, and as for actually shutting down, nothing. I don't think it has anything to do with a virus, but since you know software well, I think you can help me.

Big hug.
 
luisednardo

On PC1 I saw no problem in the log. Is there any problem with this machine?

For PC2, follow the instructions below.

Go to Control Panel > Add or Remove Programs. Find and uninstall the item ADSTechnology. Then:

Download Malwarebytes Anti-Malware

- Double-click the program to start the installation;
- Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
- Select "Perform full scan" and then click Scan. Select your C: drive and click the Start Scan button;
- When the scan finishes, click OK and then "Show Results" to view the log;
- If anything is detected, make sure everything is checked and click "Remove Selected";
- The log is saved automatically and can be found under "Logs" in the main menu;
- Copy and paste the contents of that log into your next reply.

Also generate a new HijackThis log and paste it into your reply together with the Malwarebytes one, luisednardo.

OK Mr. Wolf, sorry for the delay. Here are the logs

Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 19:38:54, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\UOL\Acelerador UOL\AcUOLClt.exe
C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AceleradorUOL] "C:\Arquivos de programas\UOL\Acelerador UOL\AcUOLClt.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acelerador UOL - Unknown owner - C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe" -f "C:\Arquivos de programas\UOL\Acelerador UOL\acelerador.cfg" -Srun (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

Malwarebytes
Malwarebytes' Anti-Malware 1.30
Database version: 1383
Windows 5.1.2600 Service Pack 3

11/11/2008 19:34:54
mbam-log-2008-11-11 (19-34-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 89367
Time elapsed: 27 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5B26D223-2DA2-43AB-A5EF-81C376ADFABA}\RP103\A0050248.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.
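The HijackThis entries in the logs above are triaged by eye in this thread: a BHO with "(no name)" and "(no file)", Winlogon Notify and service entries marked "(file missing)", an AppInit_DLLs value, and an O17 NameServer line. As an added example (not from the forum, from HijackThis, or from any tool mentioned here), the Python below parses HijackThis-style lines and flags those same patterns automatically. The sample lines are constructed to mirror the ones posted here; the trusted DNS list is an assumption (the two addresses from the O17 line, treated as the ISP's resolvers), and the user-writable path prefixes are a heuristic of this example, not a HijackThis rule.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis lines posted in this thread.
# It is not a complete log; only the sections the triage rules look at are present.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - Startup: Debugger.exe.lnk = C:\Documents and Settings\Julinho\Menu Iniciar\Programas\Inicializar\Debugger.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACC66AB7-7D61-4F66-8740-31FB4C07457C}: NameServer = 201.10.120.3,201.10.1.2
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
"""

# Assumption: the resolvers seen in the O17 line belong to the user's ISP.
# In practice this list comes from the ISP or the DHCP lease, not from the log itself.
ISP_DNS = frozenset({"201.10.120.3", "201.10.1.2"})

# Heuristic of this example: autostart entries living under a user profile or temp
# directory deserve a look, because malware rarely gets to write into Program Files.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\dados de aplicativos\\")

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why the line was flagged
    line: str      # the log line as seen


def triage(log_text, trusted_dns=frozenset()):
    """Return one Finding per suspicious pattern; a line can yield several."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        sec, body = m.group("sec"), m.group("body")
        low = body.lower()

        # Any section: the registry still references a file that is gone.
        if low.endswith("(file missing)") or low.endswith("(no file)"):
            findings.append(Finding(sec, "entry points at a file that no longer exists "
                                         "(removal remnant or dead persistence hook)", line))
        # O2: legitimate Browser Helper Objects register a display name.
        if sec == "O2" and "(no name)" in low:
            findings.append(Finding(sec, "anonymous BHO", line))
        # O4: autostart from a location any user can write to.
        if sec == "O4" and any(p in low for p in USER_WRITABLE):
            findings.append(Finding(sec, "autostart from a user-writable location", line))
        # O17: resolvers not on the trusted list are the classic DNS-hijack sign.
        if sec == "O17":
            unknown = sorted(set(IP_RE.findall(body)) - set(trusted_dns))
            if unknown:
                findings.append(Finding(sec, "NameServer not in the trusted list: "
                                             + ", ".join(unknown), line))
        # O20 AppInit_DLLs: the DLL is loaded into every process that links user32.
        if sec == "O20" and low.startswith("appinit_dlls:"):
            findings.append(Finding(sec, "AppInit_DLLs injects this DLL into every "
                                         "user32-linked process; confirm its publisher", line))
        # O23: service binary without a recognised publisher string.
        if sec == "O23" and "unknown owner" in low:
            findings.append(Finding(sec, "service binary carries no recognised publisher", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_dns=ISP_DNS):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run with the constructed sample it reports seven findings; the O17 line is silent only because its two resolvers are on the assumed trusted list, and calling `triage(SAMPLE_LOG)` with no list flags it as well. The point is not that every flag is malware (the AVG AppInit_DLLs entry and the NVIDIA service are benign here) but that these are exactly the lines a helper has to explain before calling a log clean.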
 
Is there any antivirus that removes the AVG virus, the one that deletes system files, one of the main system files? user32.dll

haha not even Avast managed that feat...
 
LONG TIME NO SEE, MISTER WOLF!!

My friend, I'm back here to ask for your help, because my PC is not shutting down properly. I usually shut it down by pressing the "Power" key on the keyboard. After that, everything disappears from the screen, leaving ONLY the wallpaper image, and as for actually shutting down, nothing. I don't think it has anything to do with a virus, but since you know software well, I think you can help me.

Big hug.

saporra, I don't think this is the work of a virus. I've seen cases where this problem was caused by the video card driver. The person updated the driver and that solved it. But it could be a number of things. Still, I want to check one little thing, saporra. Please run a BitDefender scan following the tutorial at the link below and post the scan's final report here, saporra.
http://www.linhadefensiva.org/forum/index.php?showtopic=56378

Remember that the scan must be done in Internet Explorer. :thumbs_up


____________________________________


luisednardo

Open Malwarebytes and click Quarantine > Delete All.

- Download ComboFix and save it to the desktop;
Note: for the tool to run, it must be on the desktop;

- Temporarily disable the antivirus;
- Close all open windows;
Go to Start > Run, type "%userprofile%\desktop\combofix.exe" /killall and click OK;

- In the next window click Run and wait until the report is generated;
- ComboFix "may" restart the PC automatically to complete the removal process;
- When it finishes, a log will be generated at C:\ComboFix.txt;
- Do not click on ComboFix, and try not to use the keyboard either;
- To stop or exit ComboFix, press "N".

Paste the ComboFix log in your reply, luisednardo.
 
Is there any antivirus that removes the AVG virus, the one that deletes system files, one of the main system files? user32.dll

haha not even Avast managed that feat...
lyraal, honestly I didn't understand! AVG virus? :huh:

The file that deletes system files is the File Infector. Do you mean AVG's standalone tool that removes the File Infector? Wouldn't that be it?
 
Wolf, he's referring to an ugly false positive from AVG: http://www.adrenaline.com.br/forum/showthread.php?t=217121 :)

Ah, I see, thanks, my friend Victor.

This false positive wasn't given only by AVG; the Sophos and BitDefender antiviruses gave it as well.

Actually the companies aren't really to blame; the fact is that the banker in question is a trojan that appeared recently, and its malicious code is exactly the same as that of the "user32.dll" backdoor - C:\Documents and Settings\user32.dll. Hence the alert from AVG and the other antiviruses.

This new banker, by the way, makes every antivirus believe it is the backdoor's code, which is why it makes the antiviruses raise the false alerts. This can happen with Kaspersky, NOD32, Avira, in short, any of them.

Years ago, though, back in the Blaster days, another worm appeared with the same code as Blaster, posing as the Windows winlogon.exe process. And at that time every antivirus, without exception, gave the false positive, saying the legitimate Windows file was Blaster.
 
