Virus removal

... Download StartupCPL Gustavo MPO.

- Extract the program to the desktop and run it;
- Click Install and wait for the installation to finish. It will be installed in the Control Panel;
- Then go there and double-click Startup;
- Click the HKLM/Run tab and check whether the Ntuser entries are present, and tell me here.
That was the reason I became suspicious: they are not in HKLM/Software/.../Run, nor in any other RUN key in the registry.
Is that really normal?
 
Mr. Worlf, how are you?

There is a PC that caught a virus from a pen drive. I ran PenClean, but I would like to make sure it is OK.

Logfile of HijackThis v1.99.1
Scan saved at 01:52:51 PM, on 14/Nov/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Equitrac\Office\Client\EQSharedEngine.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\keyacc32.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\LOGIN\PCLOG32.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\kass.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Equitrac\Office\Client\EQToolTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Qlock\qlock.exe
C:\ProxyManager_En_XP.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Support\Diags\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://insidehatch/insidehatch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hatch.local:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;*.hatch.ca;*.corp.hatchglobal.com;*.hatchworkshare.com;*.koninet.net;kh.google.com;*.keyhole.com;www.hmmg.mottmac.com;apss.wao.alcoa.com;*.hmgjv.co.za;207.236.97.98;*.citadon.com;*.intauhosting.com;*.mottmac.com;*.cchonline.ca;www.hatch-ils.com;*.hatchenergy.com;http://aus*;ftp.hatch.com.br;www.abntnet.com.br;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCLOGIN] C:\LOGIN\PCLOG32.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [KeyAccess] kass.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Spark] C:\Program Files\Spark\Spark.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Startup: Shortcut to ProxyManager_En_XP.lnk = C:\ProxyManager_En_XP.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Equitrac Print Billing Tray Icon.lnk = C:\Program Files\Equitrac\Office\Client\EQToolTray.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.abntnet.com.br
O15 - Trusted Zone: http://sao.hatchworkshare.com
O15 - Trusted Zone: http://*.saollink
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://uroam.hatch.cl/vdesk/cachecleaner.cab#version=6010,2007,0223,0315
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://uroam.hatch.ca/vdesk/terminal/urxvpn.cab#version=6020,2008,0514,2345
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://uroam.hatch.ca/vdesk/terminal/InstallerControl.cab
O16 - DPF: {5328061E-6A43-4CA6-A4B9-13EB98922070} (IN_DB 80 Control) - http://ausinfra/english/INFRA_CONTROLS80.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {63C77D3D-9C0A-4BEC-A290-08B62F96B549} (Infra wrapper 703) - http://ausinfra/production/in_wrapper703.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1213104623346
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://uroam.hatch.ca/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7823E856-2EC4-48B4-894E-80091F4DDDAE} (IN_DB 703 Control) - http://ausinfra/production/INFRA_CONTROLS703.CAB
O16 - DPF: {8E8583EF-A32D-48CC-96D5-0B8EBA600E7A} (Infra wrapper 80) - http://ausinfra/english/in_wrapper80.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://uroam.hatch.ca/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hatch.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://uroam.hatch.ca/vdesk/terminal/urxhost.cab#version=6020,2008,0514,2340
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://knowledge.opentext.com/knowledgesupport/webexp/lledit.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.hatchglobal.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.hatchglobal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.hatchglobal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.hatchglobal.com
O20 - AppInit_DLLs: KATRACK.DLL APSHook.dll EQDtpSp.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Office\Client\EQSharedEngine.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: KeyAccess - Sassafras Software Inc. - C:\WINDOWS\keyacc32.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
 
Wolf, thank you very much for all your help so far.
I ran RSIT.exe and am pasting the output below.
But first, it is worth telling you that I downloaded Spyware Doctor and it simply found 8 malware items and 310 infections!!!
I got goosebumps when I saw the number! It has already fixed everything...

Well, here are the logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-14 13:54:10
Microsoft Windows XP Professionnel Service Pack 3
System drive D: has 10 GB (51%) free of 20 GB
Total RAM: 1918 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54, on 2008-11-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\VistaDrive\VistaDrive.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Administrateur\Bureau\RSIT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folha.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esimo.c.la/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows XP Edition Classic Plus
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {3C0591A7-E7B4-4F55-B400-E2465FDC2F9E} - D:\WINDOWS\system32\hgGxUlKB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - D:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://edinhoscolari.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - Winlogon Notify: GbPluginBb - D:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8308 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C0591A7-E7B4-4F55-B400-E2465FDC2F9E}]
D:\WINDOWS\system32\hgGxUlKB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"=D:\WINDOWS\VistaDrive\VistaDrive.exe [2006-10-05 280779]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"CTHelper"=D:\WINDOWS\CTHELPER.EXE [2006-05-24 17920]
"CTxfiHlp"=D:\WINDOWS\system32\CTXFIHLP.EXE [2006-05-24 18944]
"UpdReg"=D:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"Apoint"=D:\Program Files\Apoint2K\Apoint.exe [2008-06-01 196608]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\005c6137]
D:\WINDOWS\system32\pxqhyygq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
D:\WINDOWS\system32\hgGxUlKB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Nexon\Combat Arms\NMService.exe"="D:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 1 months======

2008-11-14 13:54:10 ----D---- D:\rsit
2008-11-14 13:32:34 ----D---- D:\WINDOWS\LastGood
2008-11-13 22:41:13 ----D---- D:\Program Files\Spyware Doctor
2008-11-13 22:41:13 ----D---- D:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-11-13 20:59:53 ----A---- D:\WINDOWS\system32\CF22555.exe
2008-11-13 20:55:38 ----A---- D:\WINDOWS\system32\CF21732.exe
2008-11-13 20:54:42 ----A---- D:\WINDOWS\system32\CF21549.exe
2008-11-13 20:28:08 ----D---- D:\WINDOWS\ERUNT
2008-11-13 20:25:39 ----A---- D:\WINDOWS\ntbtlog.txt
2008-11-13 20:11:45 ----A---- D:\WINDOWS\system32\eqnamryi.dll
2008-11-13 20:08:44 ----SH---- D:\WINDOWS\system32\pfmpjmys.ini
2008-11-13 00:32:13 ----A---- D:\WINDOWS\system32\CF11398.exe
2008-11-13 00:31:33 ----A---- D:\WINDOWS\system32\CF11261.exe
2008-11-13 00:14:55 ----A---- D:\WINDOWS\zip.exe
2008-11-13 00:14:55 ----A---- D:\WINDOWS\VFIND.exe
2008-11-13 00:14:55 ----A---- D:\WINDOWS\SWREG.exe
2008-11-13 00:14:55 ----A---- D:\WINDOWS\sed.exe
2008-11-13 00:14:55 ----A---- D:\WINDOWS\NIRCMD.exe
2008-11-13 00:14:55 ----A---- D:\WINDOWS\grep.exe
2008-11-13 00:14:55 ----A---- D:\WINDOWS\fdsv.exe
2008-11-13 00:14:54 ----A---- D:\WINDOWS\SWXCACLS.exe
2008-11-13 00:14:54 ----A---- D:\WINDOWS\SWSC.exe
2008-11-13 00:14:48 ----D---- D:\WINDOWS\ERDNT
2008-11-13 00:14:48 ----D---- D:\Qoobox
2008-11-13 00:14:43 ----A---- D:\WINDOWS\system32\CF7969.exe
2008-11-13 00:06:06 ----D---- D:\Program Files\Trend Micro
2008-11-12 12:16:38 ----SH---- D:\WINDOWS\system32\hlifxkfj.ini
2008-11-12 12:14:45 ----A---- D:\WINDOWS\system32\eavhjg.dll
2008-11-12 12:14:44 ----A---- D:\WINDOWS\system32\tugastbm.dll
2008-11-10 20:01:47 ----SH---- D:\WINDOWS\system32\otxplgxa.ini
2008-11-09 17:56:22 ----SH---- D:\WINDOWS\system32\vhwhfpwh.ini
2008-11-08 14:26:56 ----SH---- D:\WINDOWS\system32\qgyyhqxp.ini
2008-11-08 14:25:18 ----A---- D:\WINDOWS\system32\mkzfnx.dll
2008-11-08 14:25:17 ----A---- D:\WINDOWS\system32\hsulrine.dll
2008-11-07 13:06:19 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-07 11:52:16 ----SH---- D:\WINDOWS\system32\eacmgivp.ini
2008-11-07 11:52:16 ----A---- D:\WINDOWS\system32\vdlcvq.dll
2008-11-07 11:52:16 ----A---- D:\WINDOWS\system32\ufmactwm.dll
2008-11-07 11:50:27 ----A---- D:\WINDOWS\system32\pwkghp.dll
2008-11-07 11:50:25 ----A---- D:\WINDOWS\system32\novxlbmd.dll
2008-11-07 11:50:23 ----SH---- D:\WINDOWS\system32\umqjvpxw.ini
2008-11-06 11:41:53 ----SH---- D:\WINDOWS\system32\agfpulrb.ini
2008-11-06 11:38:52 ----A---- D:\WINDOWS\system32\tixotl.dll
2008-11-06 11:38:51 ----A---- D:\WINDOWS\system32\ifcsgyfx.dll
2008-11-05 22:36:41 ----SH---- D:\WINDOWS\system32\cowjcymq.ini
2008-11-05 22:33:50 ----A---- D:\WINDOWS\system32\0b7fa549-.txt
2008-11-05 22:33:37 ----ASH---- D:\WINDOWS\system32\BKlUxGgh.ini2
2008-11-05 22:33:37 ----ASH---- D:\WINDOWS\system32\BKlUxGgh.ini
2008-11-05 22:28:36 ----D---- D:\Documents and Settings\All Users\Application Data\ESET
2008-10-23 23:32:25 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-10-15 20:00:02 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-10-15 19:59:59 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
2008-10-15 19:59:56 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-10-15 19:59:40 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-10-15 19:59:34 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-10-15 19:58:27 ----HDC---- D:\WINDOWS\$NtUninstallKB953155$

======List of files/folders modified in the last 1 months======

2008-11-14 13:46:09 ----D---- D:\Program Files\Mozilla Firefox
2008-11-14 13:42:11 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-11-14 13:33:45 ----HD---- D:\WINDOWS\inf
2008-11-14 13:32:34 ----HD---- D:\WINDOWS\$hf_mig$
2008-11-14 13:32:34 ----D---- D:\WINDOWS
2008-11-14 13:32:33 ----D---- D:\WINDOWS\system32\CatRoot2
2008-11-14 13:31:37 ----D---- D:\WINDOWS\system32\inetsrv
2008-11-14 13:30:53 ----D---- D:\WINDOWS\Temp
2008-11-14 13:30:06 ----D---- D:\WINDOWS\system32\drivers
2008-11-13 23:13:23 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-11-13 22:51:27 ----D---- D:\WINDOWS\system32
2008-11-13 22:42:47 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-11-13 22:41:13 ----RD---- D:\Program Files
2008-11-13 22:33:20 ----D---- D:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-11-13 21:12:08 ----D---- D:\Program Files\Avira
2008-11-13 21:12:08 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-11-13 21:07:54 ----SHD---- D:\WINDOWS\Installer
2008-11-13 21:03:22 ----D---- D:\WINDOWS\Minidump
2008-11-13 20:18:44 ----A---- D:\WINDOWS\NeroDigital.ini
2008-11-13 00:18:37 ----D---- D:\WINDOWS\Prefetch
2008-11-13 00:14:54 ----SHD---- D:\System Volume Information
2008-11-13 00:14:54 ----D---- D:\WINDOWS\system32\Restore
2008-11-08 21:19:00 ----D---- D:\Program Files\Fichiers communs
2008-11-08 21:11:10 ----A---- D:\WINDOWS\win.ini
2008-11-08 21:11:10 ----A---- D:\WINDOWS\system.ini
2008-11-08 21:11:00 ----D---- D:\WINDOWS\pss
2008-11-06 23:09:20 ----D---- D:\WINDOWS\Debug
2008-11-05 20:58:51 ----D---- D:\WINDOWS\system32\Logfiles
2008-11-05 14:08:48 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-11-04 21:50:15 ----D---- D:\WINDOWS\Help
2008-10-16 20:35:48 ----SD---- D:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- D:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- D:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- D:\WINDOWS\system32\wups.dll
2008-10-16 14:08:06 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:32 ----A---- D:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\mucltui.dll
2008-10-16 14:06:40 ----A---- D:\WINDOWS\system32\mucltui.dll.mui
2008-10-15 20:00:27 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 19:59:52 ----D---- D:\Program Files\Internet Explorer
2008-10-15 14:35:43 ----A---- D:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-13 75072]
R1 IKSysFlt;System Filter Driver; D:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; D:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]
R3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctac32k;Creative AC3 Software Decoder; D:\WINDOWS\system32\drivers\ctac32k.sys [2006-05-24 502272]
R3 ctaud2k;Creative Audio Driver (WDM); D:\WINDOWS\system32\drivers\ctaud2k.sys [2006-05-24 499584]
R3 ctprxy2k;Creative Proxy Driver; D:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-05-24 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-05-24 143872]
R3 emupia;E-mu Plug-in Architecture Driver; D:\WINDOWS\system32\drivers\emupia2k.sys [2006-05-24 78336]
R3 ha20x2k;Creative 20X HAL Driver; D:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 1110016]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 ossrv;Creative OS Services Driver; D:\WINDOWS\system32\drivers\ctoss2k.sys [2006-05-24 116224]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 admm7ffw;admm7ffw; D:\WINDOWS\system32\drivers\admm7ffw.sys []
S3 ApfiltrService;Alps Pointing-device Filter Driver; D:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-06-01 101833]
S3 ctdvda2k;Creative DVD-Audio Device Driver; D:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EagleNT;EagleNT; \??\D:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\D:\WINDOWS\gdrv.sys []
S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-23 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-23 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]
R2 IISADMIN;Administration IIS; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 PDAgent;PDAgent; D:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-05-24 415248]
R2 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 W3SVC;Publication World Wide Web; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 PDEngine;PDEngine; D:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-05-24 734736]
R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; D:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-15 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-15 68952]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-14 13:54:14

======Uninstall list======

-->"D:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:BRZ
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416 /remove
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x416 /remove
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x416 /remove
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x416 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
7-Zip 4.57-->"D:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI - Software Uninstall Utility-->D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5357
ATI Display Driver-->rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitComet 1.02-->D:\Program Files\BitComet\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Combat Arms-->"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Correctif pour Windows Internet Explorer 7 (KB947864)-->"D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Counter-Strike-->"D:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative Software AutoUpdate-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416 /remove
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Informações do Sistema Creative-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416 /remove
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.8.0-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.17.5-->"D:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0261)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
Medieval II - Retrofit Mod version 1.0-->"C:\Gamez\Medieval2\mods\retrofit\unins000.exe"
Medieval II Total War : Kingdoms : Americas-->D:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia-->D:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades-->D:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic-->D:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War-->D:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"D:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953155)-->"D:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"D:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.4)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 8 Micro 8.3.2.1-->"D:\Program Files\Nero\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Novo Dicionário Aurélio-->MsiExec.exe /X{498B4BF1-AD73-4AA8-99EB-18D400E42482}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->D:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u D:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf
PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
REALTEK GbE & FE Ethernet PCI NIC Driver-->D:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0416 -removeonly
Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x416 -removeonly
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->D:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Seven Kingdoms AA Update-->D:\WINDOWS\IsUninst.exe -fc:\gamez\7K\Uninst.isu
Seven Kingdoms-->D:\WINDOWS\IsUninst.exe -fc:\gamez\7K\Uninst.isu
Sound Blaster X-Fi-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x416 /remove
SPORE™-->"D:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spyware Doctor 6.0-->D:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions-->D:\PROGRA~1\VIRTUA~1\UNWISE.EXE D:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vista Drive Indicator!-->rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\Vdrive.inf,uninstall
Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}
Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Best regards, and thank you once again!
 
Hello, could you please analyze my log:
Logfile of HijackThis v1.99.1
Scan saved at 16:23:59, on 14/11/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
N:\Softwares\Manutenção\Segurança\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{E028C973-7CE3-4CEA-B10D-DD5F44053AD4}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
Hello Mr.Wolf, I'm having a small problem with my pen drive.

Inside it there is a file called autorun.inf; I believe it is a virus.

How can I remove it? Thanks in advance.
 
Scolari, calm down, we will remove all the infections. You have a rootkit and a Vundo trojan on the machine. So I ask that you follow all the instructions below, OK my friend. So let's go.

Go to Start > Run, type: sysdm.cpl and press Enter. Click the System Restore tab and check the option Turn off System Restore > OK. When we finish disinfecting your machine, we will uncheck this option again, OK.

If ComboFix is still on the machine, go to Start > Run, type: combofix /u and press Enter to remove the tool from there.


- Download OTMoveIt3 and save it to the desktop;

I suggest you print or save the procedures below somewhere easy to reach (in Word, for example), Scolari, because once the program is downloaded you should disconnect from the Internet and close all open programs and windows, leaving only the OTMoveIt3 window open.

- Double-click the OTMoveIt3.exe icon to run the program and open its window;
- Copy all of the text below inside the CODE box (starting from :Processes to the end) and paste it into the window (blank area) of the OTMoveIt3 program:

Code:
:Processes
explorer.exe

:Services
admm7ffw

:Files
D:\WINDOWS\system32\hgGxUlKB.dll
D:\WINDOWS\system32\pxqhyygq.dll
D:\WINDOWS\system32\hgGxUlKB
D:\WINDOWS\system32\eqnamryi.dll
D:\WINDOWS\system32\pfmpjmys.ini
D:\Qoobox
D:\WINDOWS\system32\hlifxkfj.ini
D:\WINDOWS\system32\eavhjg.dll
D:\WINDOWS\system32\tugastbm.dll
D:\WINDOWS\system32\otxplgxa.ini
D:\WINDOWS\system32\vhwhfpwh.ini
D:\WINDOWS\system32\qgyyhqxp.ini
D:\WINDOWS\system32\mkzfnx.dll
D:\WINDOWS\system32\hsulrine.dll
D:\WINDOWS\system32\eacmgivp.ini
D:\WINDOWS\system32\vdlcvq.dll
D:\WINDOWS\system32\ufmactwm.dll
D:\WINDOWS\system32\pwkghp.dll
D:\WINDOWS\system32\novxlbmd.dll
D:\WINDOWS\system32\umqjvpxw.ini
D:\WINDOWS\system32\agfpulrb.ini
D:\WINDOWS\system32\tixotl.dll
D:\WINDOWS\system32\ifcsgyfx.dll
D:\WINDOWS\system32\cowjcymq.ini
D:\WINDOWS\system32\0b7fa549-.txt
D:\WINDOWS\system32\BKlUxGgh.ini2
D:\WINDOWS\system32\BKlUxGgh.ini
D:\WINDOWS\system32\drivers\admm7ffw.sys

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C0591A7-E7B4-4F55-B400-E2465FDC2F9E}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\005c6137]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"D:\WINDOWS\system32\hgGxUlKB"=-

:Commands 
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After pasting the text into the program, click the MoveIt button;
- If the prompt to restart the computer appears, do so and restart the machine;
- In your next reply, Scolari, copy and paste all of the content that is under Results;
- If the computer restarted and you could not copy the result, open Notepad (Start > Programs > Accessories > Notepad), click File > Open and, in the "File name" box, enter *.log and press Enter; look for the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire content of that file, or attach it, in your next reply, Scolari, please.
 
That was the reason I became suspicious: they are not in HKLM/Software/.../Run, nor in any other RUN key of the registry.
Is that really normal?
Gustavo MPO, that is exactly how it should be. If the items were listed in the program's tabs, then they really would be viruses. This StartupCPL program shows the suspicious processes that are starting up with your PC. It is a somewhat advanced tool to handle, as it requires technical knowledge, because this tool can see which of the processes starting with the system are malicious and which are not. Profile files, such as ntuser and the others you mentioned that are starting with the system, should not appear, especially in the HKLM/Run tab of StartupCPL. In that case they would indeed be infections.

I hope you have understood, friend Gustavo MPO. However, if you are still wary or suspicious of these files, we can run an analysis and confirm. Would you like that?


_____________________________________________


Xleon, the log still contains infections. Follow the instructions below inside the spoiler.

- Download TZ-Kill, which I attached at the end of my post, and save it to the desktop;
- Extract the file to the desktop and double-click the program to run it;
- Click the Ejecutar button and wait. Then click OK.


- Download ComboFix and save it to the desktop;
NOTE: For the tool to run, it must be on the desktop.

● Temporarily disable your antivirus;
● Close all open windows;
● Double-click the ComboFix file;
● Press 1 and hit Enter. Wait until the report is generated. The scan takes a while;
● ComboFix "may" restart the PC automatically to complete the removal process.
● When it finishes, a log will be generated at C:\ComboFix.txt.
Do not click in the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will be left blank.
● To stop or exit ComboFix, press "N".

In your next reply, Xleon, paste the ComboFix logs and a new HijackThis log.


_______________________________________

(-(-)BAD(-(-), your log is clean. :thumbs_up



_______________________________________


Friend Ryu, the autorun.inf really is a pen drive virus.

Please post a HijackThis log here, friend Ryu. But in the meantime, do the following as well.

- Download PenClean and save it to your desktop.
- Run the program.
- Connect your pen drive to the computer.
- Select the option Verificar o computador (scan the computer) and click the Verificar button. Wait.
- You will be told whether anything was found; if something was found you will be asked to restart, click Sim (Yes). The computer will restart.
- A log will be generated at C:\PenClean\PenClean.txt.

In your next reply, Ryu, paste the PenClean log together with a HijackThis log.


Attachment intended for Xleon.
 

Attachments

  • TZ-Kill 2.0.2.zip
    28.2 KB · Views: 34
Good afternoon, great Mr. Wolf!! hehehe

That machine I posted above is from work; on Monday I'll run the software and post the log. Could you look at this one from my cousin? I find it a bit slow and I can't open folders that contain video....

Logfile of HijackThis v1.99.1
Scan saved at 13:16:30, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Marcelo Sacrini\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Marcelo Sacrini\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [uebTUBE] C:\Arquivos de programas\UEBBI.com\uebTUBE\uebTUBE.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford\MEDIA BALL.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\arquiv~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marcelo Sacrini\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://video.wbla.com/cab/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c8f8c859172e8) (gupdate1c8f8c859172e8) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks for the help!!!
 
Xleon, go to Control Panel > Add or Remove Programs. Uninstall the ASK Toolbar.

- Download HostsXpert and extract it to the desktop;
- Double-click the program and click Restore MS Hosts Files.

- Download ISeeYouXP and save it to the desktop;

● Run the file and click Extract
● A shortcut will be created on your desktop -> ISeeYouXp.bat
● Right-click that file and then click Run as Administrator.
● Wait a few moments while the tool reads your system.
● When it finishes, the message "Pressione uma tecla para continuar...." will appear.
● The file ISeeYouXP.txt will appear on your desktop.
● Zip it and attach it to your next reply.
 
Mr. Wolf,

I almost fell over after seeing so many entries in this computer's hosts file!!! I never imagined there would be so many entries....

The file is attached... Thanks!
 

Attachments

  • ISeeYouXP.zip
    29.4 KB · Views: 33
Xleon,

- Download ProcessExplorer and save it to the desktop;

- Create a folder in Arquivos de Programas named Kill In The Zone Process and extract the files from the ProcessExplorer zip folder into it, so that you end up with: C:\Arquivos de Programas\Kill In The Zone Process\procexp.exe;
- Go to that folder and run the file to open the program;
- Close all running programs except the browser;
- Click the Options menu and check the Verify Image Signatures option. Press the F5 key;
- Click File > Save As and save the log with the .txt extension on the desktop.

Post this log in your next reply, Xleon.
 
Here it is!

Process PID CPU Description Company Name
System Idle Process 0 92.31
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 660 Gerenciador de Sessão do Windows NT Microsoft Corporation
csrss.exe 732 Client Server Runtime Process Microsoft Corporation
winlogon.exe 764 Aplicativo de logon do Windows NT Microsoft Corporation
services.exe 816 1.54 Aplicativo de serviços e controle Microsoft Corporation
ati2evxx.exe 988 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1000 Generic Host Process for Win32 Services Microsoft Corporation
wlcomm.exe 3532 Windows Live Communications Platform Microsoft Corporation
svchost.exe 1088 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1184 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3380 Windows Update Automatic Updates Microsoft Corporation
svchost.exe 1228 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1476 Generic Host Process for Win32 Services Microsoft Corporation
aawservice.exe 1572 Ad-Aware 2007 Service Lavasoft
gbpsv.exe 1644 G-Buster Browser Defense - Service
spoolsv.exe 1732 Spooler SubSystem App Microsoft Corporation
sched.exe 1772 Antivirus Scheduler Avira GmbH
avguard.exe 1880 Antivirus On-Access Service Avira GmbH
AppleMobileDeviceService.exe 1892 Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 1944 Bonjour Service Apple Inc.
jqs.exe 256 Java(TM) Quick Starter Service Sun Microsystems, Inc.
StarWindService.exe 604 StarWind iSCSI Target (Alcohol Edition) Rocket Division Software
svchost.exe 1240 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 512 Application Layer Gateway Service Microsoft Corporation
iPodService.exe 3208 iPodService Module Apple Inc.
lsass.exe 828 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1448 ATI External Event Utility EXE Module ATI Technologies Inc.
GoogleUpdate.exe 792 Google Installer Google Inc.
explorer.exe 2420 Windows Explorer Microsoft Corporation
hpwuSchd2.exe 2612 hpwuSchd Hewlett-Packard Company
hpcmpmgr.exe 2696 HP Framework Component Manager Service Hewlett-Packard Company
RTHDCPL.exe 2732 Realtek HD Audio Control Panel Realtek Semiconductor Corp.
acrotray.exe 2840 AcroTray Adobe Systems Inc.
jusched.exe 2864 Java(TM) Platform SE binary Sun Microsystems, Inc.
iTunesHelper.exe 2884 iTunesHelper Module Apple Inc.
ctfmon.exe 2916 CTF Loader Microsoft Corporation
msnmsgr.exe 2944 Windows Live Messenger Microsoft Corporation
GoogleUpdate.exe 3008 Google Installer Google Inc.
firefox.exe 220 4.62 Firefox Mozilla Corporation
procexp.exe 1560 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
 
There is an infection there.

- Download Dr. Web CureIt and save it to the desktop;

- Double-click the program to install it;
- Click "Iniciar" (Start) and wait for the initial scan of the system's vital areas to finish;
- If it finds anything, click "Sim" (Yes)
- When it finishes, select the "Scan completo" (Complete scan) option and click the green arrow;
- Always click "Sim" (Yes) to remove;


- When it finishes, click "Arquivo" (File) and save the report to the desktop;
- The report will have the .csv extension
- Close Dr. Web CureIt and restart the PC.

Post a new HijackThis log, Xleon.
 
Great Mr. Wolf, I am a friend of luisednardo, and even without knowing it you have already helped me a lot; I am very grateful for that.

The problem this time is my notebook (I use Windows Vista). I use it for work and lately it has been very, very slow, which is seriously getting in the way of my duties.

I use Kaspersky Internet Security 7 and it did not identify any virus.

The HijackThis report follows.

Logfile of HijackThis v1.99.1
Scan saved at 15:22:25, on 15/11/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Victor Paiva\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Victor Paiva\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Victor Paiva\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/...jc.cab&File=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

* One detail: I use Vista, and when I open HijackThis two error messages appear. Do you know whether that can affect anything?


Thanks in advance.


Victor Paiva
 
Hi Victor Paiva, how are you?

Your log does not show me any infections.

But one question: is the error message that appears by any chance the same as the one below?

"HijackThis não é um arquivo win32 válido".
 
All good, Mr. Wolf. The messages are below:

Two messages appear. First:
For some reason your system denied write access to the Hosts file.
If any hijacked demains are in this file, Hijackthis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad “C:\Windows\System32\drivers\etc\hosts”

and press Enter. Find the line(s) Hijackthis reports and delete them. Save the file as “hosts” (with quotes), and reboot.

When I click OK, the second message appears:

Na unexpected error has occuerred at procedure:
modMain_CheckOther 1 Item()
Error #75 – Path/File access error.
Please e-mail me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete Hijackthis scan log, if possible
Windows version: Windows NT 6.00.1905
MSIE version: 7.0.6001.18000
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
 
The second message is normal, because HijackThis can sometimes produce bugs in the entries. The first message, however, refers to your hosts file.

Please go to C:\Windows\System32\Drivers\etc. Double-click hosts, choose Notepad and click OK. Copy your hosts file and post it here, my friend Victor Paiva.
 
Here it is:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

Thank you very much!
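
The hosts-file review discussed in the posts above (the HijackThis O1 line and the request to post the hosts file), as an added example that is not part of the original thread: a Python audit that lists every active mapping other than the default localhost entries. The function names and the documentation-range redirect line are constructed for illustration.

```python
import ipaddress

# Hosts file as posted in the thread (comment header shortened).
POSTED_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
"""

# CONSTRUCTED sample: the posted file plus one redirect line that uses a
# documentation-only address (203.0.113.0/24) and a reserved .example name.
CONSTRUCTED_HIJACK = POSTED_HOSTS + "203.0.113.10 www.bank.example  # constructed\n"


def parse_hosts(text):
    """Yield (line_no, ip_text, [names]) for every active mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()  # drop comments
        if not active:
            continue
        fields = active.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return findings as (line_no, kind, detail) tuples.

    kinds:
      malformed - first field is not an IP address, or no host name follows
      redirect  - a name other than localhost mapped to a routable address
      blocked   - a name pinned to loopback or 0.0.0.0 (may be an ad-block
                  list, or a block on update servers; review the names)
      localhost - localhost itself points somewhere other than loopback
    """
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text))
            continue
        if not names:
            findings.append((line_no, "malformed", ip_text))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name.lower() == "localhost":
                if not ip.is_loopback:
                    findings.append((line_no, "localhost", f"{name} -> {ip}"))
            elif sinkhole:
                findings.append((line_no, "blocked", f"{name} -> {ip}"))
            else:
                findings.append((line_no, "redirect", f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_HOSTS),
                        ("constructed", CONSTRUCTED_HIJACK)):
        results = audit_hosts(text)
        print(label, "->", results if results else "only default entries")
```

An empty result for the posted file matches the single `O1 - Hosts: ::1 localhost` line in the HijackThis log: only the default loopback mappings are active.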
 
Victor Paiva, I do not believe the slowness of your computer is being caused by a virus. But do the following.

- Using the Internet Explorer browser, download the DirReg file uploaded below and save it to the desktop:
http://rapidshare.com/files/161407701/DirReg.zip.html

- Extract the file to the desktop;
- It should have an icon similar to this one ->
trala2nt6.jpg


- Run the file DirReg.bat;
- Notepad will open with some information, along with a command prompt window.
- Close Notepad, since a copy will be saved in C:\DirReg.txt

- Copy the contents of that file and paste them into your next reply. If the txt is too large to attach, put it in a .zip or .rar.

Warning: This script was made specifically for your computer and must not be used on any other computer, as it could damage the system.
 
Dear Mr. Wolf, I downloaded and extracted the DirReg file, but when I went to run it, only the prompt opened, along with an error window with the following message:

Não é possivel importar mcrisfiles\1.txt: erro ao abrir o arquivo. Pode haver um erro de disco ou do sistema de arquivos.
 
I did something different: I ran DirReg as administrator and the following log appeared:
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{8c678a3d-97fb-11dd-b8a6-806e6f6e6963}]
"Generation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{8c678a3e-97fb-11dd-b8a6-806e6f6e6963}]
"Generation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{8c678a41-97fb-11dd-b8a6-806e6f6e6963}]
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Generation"=dword:00000007

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cadef81-ab58-11dd-bc16-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52bafe4a-a600-11dd-9255-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52bafe4a-a600-11dd-9255-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52bafe4a-a600-11dd-9255-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52bafe4a-a600-11dd-9255-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e789a4-ab65-11dd-87f7-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e789a4-ab65-11dd-87f7-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e789a4-ab65-11dd-87f7-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e789a4-ab65-11dd-87f7-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c467645-ad2a-11dd-af1f-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c467645-ad2a-11dd-af1f-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c467645-ad2a-11dd-af1f-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c467645-ad2a-11dd-af1f-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c46764f-ad2a-11dd-af1f-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c46764f-ad2a-11dd-af1f-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c46764f-ad2a-11dd-af1f-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c46764f-ad2a-11dd-af1f-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a85338-99f7-11dd-816d-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a85338-99f7-11dd-816d-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a85338-99f7-11dd-816d-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a85338-99f7-11dd-816d-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a85338-99f7-11dd-816d-0016d49845ad}\shell\AutoRun]
"ShellExecute"="copy.exe"
@="Instalar ou executar programa"
"SetWorkingDirectoryFromTarget"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a85338-99f7-11dd-816d-0016d49845ad}\shell\AutoRun\command]
@="C:\\Windows\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a8536a-99f7-11dd-816d-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a8536a-99f7-11dd-816d-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a8536a-99f7-11dd-816d-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a8536a-99f7-11dd-816d-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a3d-97fb-11dd-b8a6-806e6f6e6963}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a3e-97fb-11dd-b8a6-806e6f6e6963}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a3e-97fb-11dd-b8a6-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a3e-97fb-11dd-b8a6-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a3e-97fb-11dd-b8a6-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a41-97fb-11dd-b8a6-806e6f6e6963}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a41-97fb-11dd-b8a6-806e6f6e6963}\_Autorun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c678a41-97fb-11dd-b8a6-806e6f6e6963}\_Autorun\DefaultIcon]
@="E:\\Disc.ico"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a217b49c-ac26-11dd-ae8d-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd4995-ac2c-11dd-b105-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd4995-ac2c-11dd-b105-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd4995-ac2c-11dd-b105-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd4995-ac2c-11dd-b105-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd49b0-ac2c-11dd-b105-0016d49845ad}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd49b0-ac2c-11dd-b105-0016d49845ad}\shell]
@="None"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd49b0-ac2c-11dd-b105-0016d49845ad}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fd49b0-ac2c-11dd-b105-0016d49845ad}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"



Is this correct?
 
I don't understand the reason for the error, Victor Paiva! But if you managed to run the file, that's already great. Follow the instructions below.

- Download ComboFix and save it to the desktop;
NOTE: The tool must be on the desktop in order to run.

● Temporarily disable your antivirus;
● Close all open windows;
● Double-click the ComboFix file;
● Press 1 and hit Enter. Wait until the report is generated. The scan takes a while;
● If any problem occurs, restart the computer in Safe Mode and repeat the procedure. Or, if you get an error when running it, run it as administrator;
● ComboFix "may" restart the PC automatically to complete the removal process.
● When it finishes, a log will be generated at C:\ComboFix.txt.
Do not click in the ComboFix window or close it by clicking the X while it is running; do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
● To stop or exit ComboFix, press "N".

Paste the ComboFix log in your next reply, Victor Paiva.
 
ComboFix log:

ComboFix 08-11-13.02 - Victor Paiva 2008-11-15 17:21:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.513 [GMT -3:00]
Executando de: c:\users\Victor Paiva\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-15 to 2008-11-15 ))))))))))))))))))))))))))))
.

2008-11-12 17:27 . 2008-11-12 17:27 <DIR> d-------- C:\gr8
2008-11-12 11:55 . 2008-11-12 11:56 167,491,928 --a------ c:\windows\MEMORY.DMP
2008-11-07 21:09 . 2008-11-07 21:09 <DIR> d-------- c:\windows\System32\URTTEMP
2008-11-07 15:27 . 2008-11-07 15:27 <DIR> d-------- c:\program files\Sony Setup
2008-11-05 16:21 . 2008-11-05 16:21 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-05 15:14 . 2008-11-05 15:14 <DIR> d-------- c:\users\Victor Paiva\AppData\Roaming\Sony Corporation
2008-11-05 15:08 . 2008-11-05 15:08 <DIR> d-------- C:\Drivers
2008-11-05 15:08 . 2006-10-30 13:46 299,923 --a------ c:\windows\System32\drivers\sonyhcs.sys
2008-11-05 15:08 . 2006-10-30 13:46 102,220 --a------ c:\windows\System32\drivers\sonypvs1.sys
2008-11-05 15:08 . 2006-10-30 13:46 53,248 --a------ c:\windows\System32\SONYHCY.DLL
2008-11-05 15:08 . 2006-10-30 13:46 38,739 --a------ c:\windows\System32\drivers\sonyhcc.sys
2008-11-05 15:08 . 2006-10-30 13:46 6,097 --a------ c:\windows\System32\drivers\sonyhcb.sys
2008-11-05 15:08 . 2006-10-30 13:46 3,654 --a------ c:\windows\System32\drivers\Sonyhcp.dll
2008-11-05 15:07 . 2008-11-05 15:07 <DIR> d-------- c:\windows\System32\Iosubsys
2008-11-05 15:07 . 2006-11-02 16:57 118,520 --a------ c:\windows\System32\PxInsI64.exe
2008-11-05 15:07 . 2006-10-18 19:43 115,960 --a------ c:\windows\System32\PxCpyI64.exe
2008-11-05 15:07 . 2006-11-02 16:57 36,624 --a------ c:\windows\System32\drivers\pxhelp20.sys
2008-11-05 15:07 . 2006-08-28 21:48 2,560 --a------ c:\windows\System32\drivers\cdralw2k.sys
2008-11-05 15:07 . 2006-08-28 21:48 2,432 --a------ c:\windows\System32\drivers\cdr4_xp.sys
2008-11-05 15:07 . 2006-08-28 21:48 2,432 --a------ c:\windows\System32\drivers\cdr4_2k.sys
2008-11-05 15:01 . 2008-11-11 01:28 <DIR> d-------- c:\program files\Sony
2008-11-05 15:01 . 2008-11-05 15:10 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-11-05 15:00 . 2008-11-05 15:00 <DIR> d-------- c:\users\All Users\Sony Corporation
2008-11-05 15:00 . 2008-11-05 15:00 <DIR> d-------- c:\programdata\Sony Corporation
2008-11-04 09:23 . 2008-11-04 09:23 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-11-03 22:46 . 2008-11-05 16:21 <DIR> d-a------ c:\users\All Users\TEMP
2008-11-03 22:46 . 2008-11-05 16:21 <DIR> d-a------ c:\programdata\TEMP
2008-11-03 22:46 . 2008-11-05 16:23 <DIR> d-------- c:\program files\DAP
2008-11-03 17:36 . 2008-11-03 17:36 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-03 17:36 . 2008-11-03 17:36 <DIR> d-------- c:\programdata\WindowsSearch
2008-10-29 19:32 . 2008-10-29 19:32 <DIR> d-------- c:\users\Victor Paiva\AppData\Roaming\NSeries
2008-10-29 18:50 . 2008-10-29 18:50 410,976 --a------ c:\windows\System32\deploytk.dll
2008-10-29 18:49 . 2008-10-29 18:49 <DIR> d-------- c:\program files\Java
2008-10-29 16:57 . 2007-04-27 00:57 16,904 --a------ c:\windows\System32\authuitu.dll
2008-10-29 16:53 . 2008-10-29 16:53 <DIR> d-------- c:\users\Victor Paiva\AppData\Roaming\TuneUp Software
2008-10-29 16:53 . 2008-10-29 16:57 <DIR> d-------- c:\program files\TuneUp Utilities 2007
2008-10-29 16:53 . 2007-03-29 04:42 29,704 --a------ c:\windows\System32\uxtuneup.dll
2008-10-29 16:52 . 2008-10-29 16:52 <DIR> d-------- c:\users\All Users\TuneUp Software
2008-10-29 16:52 . 2008-10-29 16:52 <DIR> d-------- c:\programdata\TuneUp Software
2008-10-29 16:51 . 2008-10-29 16:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-27 16:06 . 2008-10-27 16:06 <DIR> d-------- c:\users\All Users\FLEXnet
2008-10-27 16:06 . 2008-10-27 16:06 <DIR> d-------- c:\programdata\FLEXnet
2008-10-25 12:35 . 2008-11-01 00:03 <DIR> d-------- c:\users\All Users\NFS Underground
2008-10-25 12:35 . 2008-11-01 00:03 <DIR> d-------- c:\programdata\NFS Underground
2008-10-24 11:00 . 2006-03-20 05:00 212,992 -ra------ c:\windows\System32\hptcpmui.dll
2008-10-24 11:00 . 2006-03-20 05:00 126,976 -ra------ c:\windows\System32\hptcpmon.dll
2008-10-24 11:00 . 2006-03-20 05:00 102,400 -ra------ c:\windows\System32\hpzjrd01.dll
2008-10-24 11:00 . 2006-03-20 05:00 98,304 -ra------ c:\windows\System32\hpzjsn01.dll
2008-10-24 11:00 . 2006-03-20 05:00 73,728 -ra------ c:\windows\System32\hptcpmib.dll
2008-10-24 11:00 . 2006-03-20 05:00 28,672 -ra------ c:\windows\System32\hpzjfw01.dll
2008-10-24 11:00 . 2006-03-20 05:00 10,124 -ra------ c:\windows\System32\hptcpmui.hlp
2008-10-24 11:00 . 2006-03-20 05:00 10,061 -ra------ c:\windows\System32\hpipxmui.hlp
2008-10-24 11:00 . 2006-03-20 05:00 3,277 -ra------ c:\windows\System32\hptcpmon.ini
2008-10-24 11:00 . 2008-10-24 11:00 147 --a------ c:\windows\System32\AddPort.ini
2008-10-24 10:59 . 2008-10-24 10:59 <DIR> d--h----- c:\program files\Zenographics
2008-10-24 10:59 . 2008-10-24 10:59 <DIR> d-------- c:\program files\Hewlett-Packard
2008-10-24 10:52 . 2008-10-24 10:58 579 --a------ c:\windows\hpntwksetup.ini
2008-10-24 10:25 . 2008-10-24 10:25 <DIR> d-------- c:\windows\PrimoPDF
2008-10-24 10:25 . 2008-10-24 10:25 <DIR> d-------- c:\program files\activePDF
2008-10-24 10:25 . 2004-02-25 21:31 176,235 --a------ c:\windows\System32\Primomonnt.dll
2008-10-24 10:25 . 2008-10-24 10:25 129 --a------ c:\windows\primopdf.ini
2008-10-22 16:21 . 2008-10-22 16:21 47,876 --a------ c:\windows\FontData.fdb
2008-10-22 16:19 . 2008-11-14 09:47 2,828 --ahs---- c:\windows\System32\KGyGaAvL.sys
2008-10-22 16:17 . 2008-10-22 16:17 <DIR> d-------- c:\users\Victor Paiva\AppData\Roaming\Corel
2008-10-22 16:16 . 2008-10-22 16:16 <DIR> d-------- c:\users\All Users\InstallShield
2008-10-22 16:16 . 2008-10-22 16:16 <DIR> d-------- c:\programdata\InstallShield
2008-10-22 16:16 . 2008-11-05 14:58 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-10-22 16:13 . 2008-10-22 16:13 <DIR> d-------- c:\program files\Corel
2008-10-22 16:13 . 2008-10-22 16:13 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-22 08:32 . 2008-10-22 08:33 <DIR> d-------- c:\users\Victor Paiva\AppData\Roaming\Ahead
2008-10-22 08:29 . 2008-10-22 08:29 <DIR> d-------- c:\users\All Users\Nero
2008-10-22 08:29 . 2008-10-22 08:29 <DIR> d-------- c:\programdata\Nero
2008-10-22 08:29 . 2008-10-22 08:29 <DIR> d-------- c:\program files\Nero
2008-10-22 08:29 . 2008-10-22 08:30 <DIR> d-------- c:\program files\Common Files\Ahead
2008-10-21 15:09 . 2008-10-21 15:09 <DIR> d-------- c:\program files\Microsoft Works
2008-10-21 15:07 . 2008-10-21 15:07 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-21 15:02 . 2008-10-21 15:12 <DIR> d-------- c:\users\All Users\Microsoft Help
2008-10-21 15:02 . 2008-10-21 15:12 <DIR> d-------- c:\programdata\Microsoft Help
2008-10-21 15:01 . 2008-10-21 15:01 <DIR> dr-h----- C:\MSOCache
2008-10-20 15:30 . 2008-10-20 15:30 16,086 --a------ c:\windows\System32\results.xml
2008-10-18 18:57 . 2008-10-18 18:57 <DIR> d-------- c:\program files\VistaCodecPack

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 20:23 47,387,680 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-15 14:32 --------- d-----w c:\programdata\Kaspersky Lab
2008-11-15 12:57 622,280 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-13 19:51 --------- d-----w c:\program files\Common Files\Adobe
2008-10-14 18:25 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-14 13:55 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-12 23:11 --------- d-----w c:\users\Victor Paiva\AppData\Roaming\Apple Computer
2008-10-12 23:10 --------- d-----w c:\programdata\Apple Computer
2008-10-12 23:10 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 23:10 --------- d-----w c:\program files\iTunes
2008-10-12 23:10 --------- d-----w c:\program files\iPod
2008-10-12 23:09 --------- d-----w c:\program files\QuickTime
2008-10-12 23:09 --------- d-----w c:\program files\Bonjour
2008-10-12 23:08 --------- d-----w c:\program files\Common Files\Apple
2008-10-12 23:07 --------- d-----w c:\program files\Apple Software Update
2008-10-12 23:05 --------- d-----w c:\programdata\Apple
2008-10-12 20:29 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-12 20:29 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-12 20:29 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-10-12 19:59 --------- d-----w c:\program files\Kaspersky Lab
2008-10-12 19:55 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-10-12 15:18 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-12 15:14 --------- d-----w c:\program files\Nokia
2008-10-12 15:13 --------- d-----w c:\program files\Common Files\Nokia
2008-10-12 15:12 --------- d-----w c:\programdata\Installations
2008-10-12 15:00 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-10-12 15:00 --------- d-----w c:\programdata\PC Suite
2008-10-12 14:59 --------- d-----w c:\users\Victor Paiva\AppData\Roaming\Nokia
2008-10-12 14:58 --------- d-----w c:\programdata\Nokia
2008-10-12 14:44 --------- d-----w c:\users\Victor Paiva\AppData\Roaming\PC Suite
2008-10-12 14:34 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-12 14:33 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-12 03:52 --------- d-----w c:\program files\Windows Live
2008-10-12 03:51 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-12 03:36 --------- d-----w c:\programdata\WLInstaller
2008-10-12 03:02 174 --sha-w c:\program files\desktop.ini
2008-10-12 02:56 --------- d-----w c:\program files\Windows Sidebar
2008-10-12 02:56 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-12 02:56 --------- d-----w c:\program files\Windows Mail
2008-10-12 02:56 --------- d-----w c:\program files\Windows Journal
2008-10-12 02:56 --------- d-----w c:\program files\Windows Defender
2008-10-12 02:56 --------- d-----w c:\program files\Windows Collaboration
2008-10-12 02:56 --------- d-----w c:\program files\Windows Calendar
2008-10-12 02:47 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-12 02:47 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-12 02:16 47,560 ----a-w c:\windows\System32\SPReview.exe
2008-10-12 02:16 152,576 ----a-w c:\windows\System32\SPWizUI.dll
2008-10-12 02:09 240,128 ----a-w c:\windows\system32\drivers\royal.sys
2008-10-12 01:24 --------- d-sh--w c:\programdata\Modelos
2008-10-12 01:24 --------- d-sh--w c:\programdata\Menu Iniciar
2008-10-12 01:24 --------- d-sh--w c:\programdata\Favoritos
2008-10-12 01:24 --------- d-sh--w c:\programdata\Documentos
2008-10-12 01:24 --------- d-sh--w c:\programdata\Dados de aplicativos
2008-10-12 01:24 --------- d-sh--w c:\program files\Common Files\Sistema
2008-10-12 01:24 --------- d-sh--w c:\program files\Arquivos Comuns
2008-08-29 13:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 12:53 61,440 ----a-w c:\windows\System32\dnssd.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Victor Paiva\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-21 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-04 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-04 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-04 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll,c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3282945802-2931894911-2912846794-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0476DBD0-0972-48E2-BD2F-0B68B9742586}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8ACEFAC0-2BAF-45E9-A46B-01F8D6CA8BEA}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{C20F60C6-BE8A-401A-8C9D-77FC8E3E9ECC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A84AA3DC-79BB-4B8B-801D-F57E50F383A8}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{2C6A1ACB-6D8C-4AAF-911B-0393A3224D50}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{02092C02-517B-4F55-97C5-3B2045FC71B5}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\brazilian\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\brazilian\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A7837DD1-FBD0-4B13-9124-E62DC595F86B}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\brazilian\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\brazilian\setup.exe:Kaspersky Internet Security 7.0 Setup
"{7041C968-1C66-483B-94E5-A354C18AD9AA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4200A1AD-0EFF-4540-861E-C7DDA70EFD90}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B2E25A8B-7CBA-4DE3-A380-A81D9605BBCC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9EC904A4-17DA-492C-BD46-EC27B66FF75E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2008-10-11 21504]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-10-11 240128]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2008-11-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Victor Paiva\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-21 16:55]
.
.
------- Scan Suplementar -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
c:\windows\Downloaded Program Files\gbpdist.inf
c:\windows\Downloaded Program Files\gbpdist.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 17:25:11
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-11-15 17:27:22
ComboFix-quarantined-files.txt 2008-11-15 20:27:17

Pré-execução: 47.284.793.344 bytes disponíveis
Pós execução: 47,089,414,144 bytes disponíveis

239
 
hey wolfffffffffffffffffffffffffffffff...


how are you?...
=]...


I installed Service Pack 3...
everything's fine so far...haha

one question...
when I had that problem with Comodo and so on...
I removed it...and we deleted every entry we could...
however...

look how it still shows up in the Security Center...:

in the window next to it...I disabled the Windows one...so you can see how it shows there that Comodo took over...but...how, if there's no trace of it left here anymore...

71478598fp4.jpg
 
Hello Mr. Wolf, how are you?

Here's the thing: I installed Spybot at home with resident protection, and I'd like to know whether there is any setting for Spybot that makes it more effective, like we did with NOD32.

So far I haven't noticed anything special about this TeaTimer; what does it actually do?

Another question I've had for a while: when I update Spybot, it selects "BN Fileforum (Global)". Is that the right one to update from? Little flags for the United States, Germany and Europe show up here.

Best regards, and have a good Sunday!
 
