Virus removal

Wolf, here are all the logs as requested.
The machine improved a lot during this disinfection process. The pop-ups are gone.


Malwarebytes
Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

2008-11-16 21:41:40
mbam-log-2008-11-16 (21-41-40).txt

Scan type: Full Scan (D:\|)
Objects scanned: 70989
Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004476.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004465.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004466.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004472.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

RSIT
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-16 21:45:30
Microsoft Windows XP Professionnel Service Pack 3
System drive D: has 11 GB (52%) free of 20 GB
Total RAM: 1918 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45, on 2008-11-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\VistaDrive\VistaDrive.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Documents and Settings\Administrateur\Bureau\RSIT.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folha.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esimo.c.la/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows XP Edition Classic Plus
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {3C0591A7-E7B4-4F55-B400-E2465FDC2F9E} - D:\WINDOWS\system32\hgGxUlKB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - D:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://edinhoscolari.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - AppInit_DLLs: eavhjg.dll
O20 - Winlogon Notify: GbPluginBb - D:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8150 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C0591A7-E7B4-4F55-B400-E2465FDC2F9E}]
D:\WINDOWS\system32\hgGxUlKB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"=D:\WINDOWS\VistaDrive\VistaDrive.exe [2006-10-05 280779]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"CTHelper"=D:\WINDOWS\CTHELPER.EXE [2006-05-24 17920]
"CTxfiHlp"=D:\WINDOWS\system32\CTXFIHLP.EXE [2006-05-24 18944]
"UpdReg"=D:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"Apoint"=D:\Program Files\Apoint2K\Apoint.exe [2008-06-01 196608]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\005c6137]
D:\WINDOWS\system32\pxqhyygq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eavhjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
D:\WINDOWS\system32\hgGxUlKB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Nexon\Combat Arms\NMService.exe"="D:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 2 months======

2008-11-16 21:45:30 ----D---- D:\rsit
2008-11-16 21:09:51 ----D---- D:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-11-16 21:09:45 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 21:09:45 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-14 19:21:05 ----D---- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-11-14 14:04:49 ----A---- D:\WINDOWS\system32\MRT.INI
2008-11-14 14:03:26 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2008-11-14 14:03:22 ----HDC---- D:\WINDOWS\$NtUninstallKB954459$
2008-11-14 14:03:19 ----A---- D:\WINDOWS\imsins.BAK
2008-11-14 14:03:14 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2008-11-14 13:59:07 ----D---- D:\Program Files\Fichiers communs\PC Tools
2008-11-13 22:41:13 ----D---- D:\Program Files\Spyware Doctor
2008-11-13 22:41:13 ----D---- D:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-11-13 20:59:53 ----A---- D:\WINDOWS\system32\CF22555.exe
2008-11-13 20:55:38 ----A---- D:\WINDOWS\system32\CF21732.exe
2008-11-13 20:54:42 ----A---- D:\WINDOWS\system32\CF21549.exe
2008-11-13 20:28:08 ----D---- D:\WINDOWS\ERUNT
2008-11-13 20:25:39 ----A---- D:\WINDOWS\ntbtlog.txt
2008-11-13 00:32:13 ----A---- D:\WINDOWS\system32\CF11398.exe
2008-11-13 00:31:33 ----A---- D:\WINDOWS\system32\CF11261.exe
2008-11-13 00:14:48 ----D---- D:\WINDOWS\ERDNT
2008-11-13 00:14:43 ----A---- D:\WINDOWS\system32\CF7969.exe
2008-11-13 00:06:06 ----D---- D:\Program Files\Trend Micro
2008-11-07 13:06:19 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-05 22:28:36 ----D---- D:\Documents and Settings\All Users\Application Data\ESET
2008-10-23 23:32:25 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-10-15 20:00:02 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-10-15 19:59:59 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
2008-10-15 19:59:56 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-10-15 19:59:40 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-10-15 19:59:34 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-10-15 19:58:27 ----HDC---- D:\WINDOWS\$NtUninstallKB953155$
2008-10-09 13:32:28 ----A---- D:\WINDOWS\system32\avsda.dll
2008-10-09 13:32:27 ----D---- D:\Program Files\Avira
2008-10-03 12:16:14 ----RHD---- D:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-10-03 12:16:13 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2008-09-30 16:43:34 ----A---- D:\WINDOWS\system32\msxml4.dll
2008-09-30 12:42:10 ----D---- D:\Documents and Settings\All Users\Application Data\ATI
2008-09-30 12:27:46 ----N---- D:\WINDOWS\system32\ati2sgag.exe
2008-09-30 12:26:51 ----D---- D:\ATI
2008-09-29 14:40:50 ----D---- D:\Documents and Settings\Administrateur\Application Data\SPORE
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\XAudio2_0.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\xactengine3_0.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\D3DX9_37.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\d3dx10_37.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-29 14:33:18 ----D---- D:\WINDOWS\system32\DirectX
2008-09-29 14:33:12 ----D---- D:\WINDOWS\Logs
2008-09-28 22:03:46 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

======List of files/folders modified in the last 2 months======

2008-11-16 21:45:42 ----D---- D:\Program Files\Mozilla Firefox
2008-11-16 21:45:33 ----D---- D:\WINDOWS\Temp
2008-11-16 21:45:32 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 21:45:18 ----D---- D:\WINDOWS\system32\drivers
2008-11-16 21:45:16 ----D---- D:\WINDOWS\system32\inetsrv
2008-11-16 21:43:14 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-11-16 21:42:31 ----D---- D:\WINDOWS\system32\Restore
2008-11-16 21:09:51 ----D---- D:\WINDOWS\Prefetch
2008-11-16 21:09:45 ----RD---- D:\Program Files
2008-11-16 20:52:36 ----D---- D:\WINDOWS\system32
2008-11-16 20:50:23 ----D---- D:\WINDOWS
2008-11-16 20:50:08 ----SHD---- D:\System Volume Information
2008-11-16 16:26:58 ----D---- D:\WINDOWS\system32\config
2008-11-16 11:32:07 ----D---- D:\WINDOWS\system32\CatRoot2
2008-11-14 14:05:31 ----SHD---- D:\WINDOWS\Installer
2008-11-14 14:05:30 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-14 14:04:06 ----D---- D:\WINDOWS\Debug
2008-11-14 14:03:28 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-11-14 14:03:28 ----HD---- D:\WINDOWS\inf
2008-11-14 14:03:26 ----HD---- D:\WINDOWS\$hf_mig$
2008-11-14 14:03:09 ----D---- D:\WINDOWS\WinSxS
2008-11-14 13:59:07 ----D---- D:\Program Files\Fichiers communs
2008-11-13 22:42:47 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-11-13 22:33:20 ----D---- D:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-11-13 21:12:08 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-11-13 21:03:22 ----D---- D:\WINDOWS\Minidump
2008-11-13 20:18:44 ----A---- D:\WINDOWS\NeroDigital.ini
2008-11-08 21:11:10 ----A---- D:\WINDOWS\win.ini
2008-11-08 21:11:10 ----A---- D:\WINDOWS\system.ini
2008-11-08 21:11:00 ----D---- D:\WINDOWS\pss
2008-11-05 20:58:51 ----D---- D:\WINDOWS\system32\Logfiles
2008-11-04 21:50:15 ----D---- D:\WINDOWS\Help
2008-11-03 22:10:25 ----A---- D:\WINDOWS\system32\MRT.exe
2008-10-16 20:35:48 ----SD---- D:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- D:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- D:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- D:\WINDOWS\system32\wups.dll
2008-10-16 14:08:06 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:32 ----A---- D:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\mucltui.dll
2008-10-16 14:06:40 ----A---- D:\WINDOWS\system32\mucltui.dll.mui
2008-10-15 19:59:52 ----D---- D:\Program Files\Internet Explorer
2008-10-15 14:35:43 ----A---- D:\WINDOWS\system32\netapi32.dll
2008-10-13 19:29:01 ----D---- D:\Program Files\DAEMON Tools
2008-10-03 14:22:30 ----A---- D:\WINDOWS\system32\ieframe.dll
2008-10-03 12:11:55 ----HD---- D:\Program Files\InstallShield Installation Information
2008-10-02 22:02:53 ----RSD---- D:\WINDOWS\assembly
2008-09-30 12:30:39 ----D---- D:\Program Files\ATI Technologies
2008-09-30 12:28:03 ----D---- D:\WINDOWS\system32\ReinstallBackups
2008-09-28 21:55:53 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-13 75072]
R1 IKSysFlt;System Filter Driver; D:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; D:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 pctfw2;pctfw2; \??\D:\WINDOWS\system32\drivers\pctfw2.sys []
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]
R3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctac32k;Creative AC3 Software Decoder; D:\WINDOWS\system32\drivers\ctac32k.sys [2006-05-24 502272]
R3 ctaud2k;Creative Audio Driver (WDM); D:\WINDOWS\system32\drivers\ctaud2k.sys [2006-05-24 499584]
R3 ctprxy2k;Creative Proxy Driver; D:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-05-24 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-05-24 143872]
R3 emupia;E-mu Plug-in Architecture Driver; D:\WINDOWS\system32\drivers\emupia2k.sys [2006-05-24 78336]
R3 ha20x2k;Creative 20X HAL Driver; D:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 1110016]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 ossrv;Creative OS Services Driver; D:\WINDOWS\system32\drivers\ctoss2k.sys [2006-05-24 116224]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 apati2ww;apati2ww; D:\WINDOWS\system32\drivers\apati2ww.sys []
S3 ApfiltrService;Alps Pointing-device Filter Driver; D:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-06-01 101833]
S3 ctdvda2k;Creative DVD-Audio Device Driver; D:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EagleNT;EagleNT; \??\D:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\D:\WINDOWS\gdrv.sys []
S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-23 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-23 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Sr;Pilote de filtre de restauration système; D:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]
R2 IISADMIN;Administration IIS; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 PDAgent;PDAgent; D:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-05-24 415248]
R2 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 W3SVC;Publication World Wide Web; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 PDEngine;PDEngine; D:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-05-24 734736]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-15 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-15 68952]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; D:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
Scolari, go to Start > Run, type sysdm.cpl and press Enter. Click the System Restore tab and check the option Turn off System Restore > OK. The virus infected the System Restore folder on your PC; if you leave System Restore enabled, the virus could be restored from it. After we finish cleaning your machine, come back to this same place and uncheck this option, Scolari.

The rootkit (the more dangerous and complicated one) was removed successfully. However, the Vundo trojan is still in the logs.
Run Malwarebytes and click the Quarantine tab. Select all the files and click the Delete All button. Then follow the instructions below, Scolari.

- Download VundoFix and save it to your desktop.

● Run VundoFix.exe by double-clicking it;
● When VundoFix opens again, click Scan for Vundo;
● When it finishes, click Remove Vundo;
● You will get a prompt asking whether you want to remove the files. Confirm. Your desktop will disappear;
● You will get a message saying your computer must be shut down. Click OK and then turn the computer back on;
● VundoFix may find a file but be unable to remove it. If that happens, the tool will run again at restart.
● When VundoFix appears, click the Scan for Vundo button to repeat the process.

When VundoFix no longer finds any file it cannot remove, make a new RSIT log and paste it together with the VundoFix.txt log, Scolari.
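As an added example (not a tool from this thread, and not something either wolf or Scolari ran), the Python script below applies the same reading of the logs that the helper does in the post above: it parses the HijackThis O2/O20 lines and the RSIT registry-dump blocks and flags the Vundo-style persistence that is still visible in the first RSIT log on this page: the unnamed BHO whose file is gone (hgGxUlKB.dll), the AppInit_DLLs entry (eavhjg.dll), the extra LSA authentication package (hgGxUlKB) and the disabled startup item pointing at pxqhyygq.dll. The sample lines are copied from that log; the parsing rules and the `looks_random` name heuristic are the editor's own assumptions, not the logic of Malwarebytes, VundoFix or any other vendor tool.

```python
"""Triage of HijackThis / RSIT log lines for Vundo-style persistence.

Added example for this thread; not a tool either participant ran.  The
rules and the name heuristic are the editor's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Sample input: lines copied from the RSIT / HijackThis log posted above.
SAMPLE_LOG = [
    r"O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll",
    r"O2 - BHO: (no name) - {3C0591A7-E7B4-4F55-B400-E2465FDC2F9E} - D:\WINDOWS\system32\hgGxUlKB.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O20 - AppInit_DLLs: eavhjg.dll",
    r"O20 - Winlogon Notify: GbPluginBb - D:\Program Files\GbPlugin\gbieh.dll",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\005c6137]",
    r"D:\WINDOWS\system32\pxqhyygq.dll []",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]",
    r'"authentication packages"=msv1_0',
    r"D:\WINDOWS\system32\hgGxUlKB",
]


@dataclass(frozen=True)
class Finding:
    kind: str    # persistence mechanism the line describes
    target: str  # file or value the entry points at
    reason: str


_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
_O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
_DUMP_DLL = re.compile(r"^(?P<path>.+?\.dll) \[(?P<info>[^\]]*)\]$", re.IGNORECASE)
_MISSING = " (file missing)"


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): Vundo-era component names such as hgGxUlKB,
    eavhjg or pxqhyygq are 6-8 letters, no digits, with a case flip mid-word
    or very few vowels.  Secondary signal only; context decides."""
    if not re.fullmatch(r"[A-Za-z]{6,8}", stem):
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    case_flip = any(a.islower() and b.isupper() for a, b in zip(stem, stem[1:]))
    return case_flip or vowels / len(stem) < 0.35


def _stem(path: str) -> str:
    """'D:\\WINDOWS\\system32\\hgGxUlKB.dll' -> 'hgGxUlKB'."""
    return path.rsplit("\\", 1)[-1].split(".", 1)[0]


def triage(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    section = None           # registry key of the current RSIT dump block
    in_lsa_packages = False  # True once the "authentication packages" value was seen
    for raw in lines:
        line = raw.strip()
        if not line:                      # a blank line ends a dump block
            section, in_lsa_packages = None, False
            continue
        m = _HEADER.match(line)
        if m:
            section, in_lsa_packages = m.group("key").lower(), False
            continue
        m = _O2_BHO.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            missing = path.endswith(_MISSING)
            if missing:
                path = path[: -len(_MISSING)]
            why = []
            if name == "(no name)":
                why.append("unnamed BHO")
            if missing:
                why.append("backing DLL already gone, registration left behind")
            if why and looks_random(_stem(path)):
                why.append("random-looking filename")
            if why:
                findings.append(Finding("O2 BHO", path, "; ".join(why)))
            continue
        m = _O20_APPINIT.match(line)
        if m:
            for dll in filter(None, re.split(r"[ ,]+", m.group("value"))):
                findings.append(Finding("O20 AppInit_DLLs", dll,
                                        "loaded into every process that maps user32.dll"))
            continue
        if section is None:
            continue
        if section.endswith("\\control\\lsa"):
            if line.lower().startswith('"authentication packages"='):
                in_lsa_packages = True
                package = line.split("=", 1)[1].strip()
            elif in_lsa_packages:
                package = line   # RSIT prints extra multi-string items one per line
            else:
                continue
            if package.lower() != "msv1_0":   # msv1_0 is the stock package on XP
                findings.append(Finding("LSA authentication packages", package,
                                        "extra package loaded into lsass.exe at boot"))
            continue
        if "\\msconfig\\startupreg\\" in section:
            m = _DUMP_DLL.match(line)
            if m:
                why = "startup entry whose target is a bare DLL"
                if not m.group("info"):
                    why += "; RSIT found no such file on disk"
                if looks_random(_stem(m.group("path"))):
                    why += "; random-looking filename"
                findings.append(Finding("msconfig startupreg", m.group("path"), why))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.target:40} {f.reason}")
```

To run it over a real log, pass the file's lines: `triage(open("RSIT.txt", encoding="latin-1").read().splitlines())`. Two of the four hits are orphaned registrations (the BHO and the msconfig entry point at DLLs that no longer exist), which is why the scanner keeps reporting Vundo after the files are gone; the AppInit_DLLs value and the extra LSA package are the loaders that would bring a surviving copy back into every process, so those two are the ones to confirm are really empty after VundoFix and a fresh RSIT log.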
 
VundoFix says it found no infections, wolf.

Here is the RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-16 22:15:12
Microsoft Windows XP Professionnel Service Pack 3
System drive D: has 11 GB (52%) free of 20 GB
Total RAM: 1918 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15, on 2008-11-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\VistaDrive\VistaDrive.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\Administrateur\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folha.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esimo.c.la/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows XP Edition Classic Plus
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {3C0591A7-E7B4-4F55-B400-E2465FDC2F9E} - D:\WINDOWS\system32\hgGxUlKB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - D:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://edinhoscolari.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - AppInit_DLLs: eavhjg.dll
O20 - Winlogon Notify: GbPluginBb - D:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8308 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C0591A7-E7B4-4F55-B400-E2465FDC2F9E}]
D:\WINDOWS\system32\hgGxUlKB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"=D:\WINDOWS\VistaDrive\VistaDrive.exe [2006-10-05 280779]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"CTHelper"=D:\WINDOWS\CTHELPER.EXE [2006-05-24 17920]
"CTxfiHlp"=D:\WINDOWS\system32\CTXFIHLP.EXE [2006-05-24 18944]
"UpdReg"=D:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"Apoint"=D:\Program Files\Apoint2K\Apoint.exe [2008-06-01 196608]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\005c6137]
D:\WINDOWS\system32\pxqhyygq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eavhjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
D:\WINDOWS\system32\hgGxUlKB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Nexon\Combat Arms\NMService.exe"="D:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 2 months======

2008-11-16 22:08:56 ----D---- D:\VundoFix Backups
2008-11-16 22:08:56 ----A---- D:\VundoFix.txt
2008-11-16 21:45:30 ----D---- D:\rsit
2008-11-16 21:09:51 ----D---- D:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-11-16 21:09:45 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 21:09:45 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-14 19:21:05 ----D---- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-11-14 14:04:49 ----A---- D:\WINDOWS\system32\MRT.INI
2008-11-14 14:03:26 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2008-11-14 14:03:22 ----HDC---- D:\WINDOWS\$NtUninstallKB954459$
2008-11-14 14:03:19 ----A---- D:\WINDOWS\imsins.BAK
2008-11-14 14:03:14 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2008-11-14 13:59:07 ----D---- D:\Program Files\Fichiers communs\PC Tools
2008-11-13 22:41:13 ----D---- D:\Program Files\Spyware Doctor
2008-11-13 22:41:13 ----D---- D:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-11-13 20:59:53 ----A---- D:\WINDOWS\system32\CF22555.exe
2008-11-13 20:55:38 ----A---- D:\WINDOWS\system32\CF21732.exe
2008-11-13 20:54:42 ----A---- D:\WINDOWS\system32\CF21549.exe
2008-11-13 20:28:08 ----D---- D:\WINDOWS\ERUNT
2008-11-13 20:25:39 ----A---- D:\WINDOWS\ntbtlog.txt
2008-11-13 00:32:13 ----A---- D:\WINDOWS\system32\CF11398.exe
2008-11-13 00:31:33 ----A---- D:\WINDOWS\system32\CF11261.exe
2008-11-13 00:14:48 ----D---- D:\WINDOWS\ERDNT
2008-11-13 00:14:43 ----A---- D:\WINDOWS\system32\CF7969.exe
2008-11-13 00:06:06 ----D---- D:\Program Files\Trend Micro
2008-11-07 13:06:19 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-05 22:28:36 ----D---- D:\Documents and Settings\All Users\Application Data\ESET
2008-10-23 23:32:25 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-10-15 20:00:02 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-10-15 19:59:59 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
2008-10-15 19:59:56 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-10-15 19:59:40 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-10-15 19:59:34 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-10-15 19:58:27 ----HDC---- D:\WINDOWS\$NtUninstallKB953155$
2008-10-09 13:32:28 ----A---- D:\WINDOWS\system32\avsda.dll
2008-10-09 13:32:27 ----D---- D:\Program Files\Avira
2008-10-03 12:16:14 ----RHD---- D:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-10-03 12:16:13 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2008-09-30 16:43:34 ----A---- D:\WINDOWS\system32\msxml4.dll
2008-09-30 12:42:10 ----D---- D:\Documents and Settings\All Users\Application Data\ATI
2008-09-30 12:27:46 ----N---- D:\WINDOWS\system32\ati2sgag.exe
2008-09-30 12:26:51 ----D---- D:\ATI
2008-09-29 14:40:50 ----D---- D:\Documents and Settings\Administrateur\Application Data\SPORE
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\XAudio2_0.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\xactengine3_0.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\D3DX9_37.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\d3dx10_37.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-29 14:33:18 ----D---- D:\WINDOWS\system32\DirectX
2008-09-29 14:33:12 ----D---- D:\WINDOWS\Logs
2008-09-28 22:03:46 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

======List of files/folders modified in the last 2 months======

2008-11-16 22:14:35 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 22:14:26 ----D---- D:\WINDOWS\Temp
2008-11-16 22:08:58 ----D---- D:\WINDOWS\Prefetch
2008-11-16 22:07:10 ----D---- D:\Program Files\Mozilla Firefox
2008-11-16 21:46:41 ----D---- D:\WINDOWS\system32\inetsrv
2008-11-16 21:45:18 ----D---- D:\WINDOWS\system32\drivers
2008-11-16 21:43:14 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-11-16 21:42:31 ----D---- D:\WINDOWS\system32\Restore
2008-11-16 21:09:45 ----RD---- D:\Program Files
2008-11-16 20:52:36 ----D---- D:\WINDOWS\system32
2008-11-16 20:50:23 ----D---- D:\WINDOWS
2008-11-16 20:50:08 ----SHD---- D:\System Volume Information
2008-11-16 16:26:58 ----D---- D:\WINDOWS\system32\config
2008-11-16 11:32:07 ----D---- D:\WINDOWS\system32\CatRoot2
2008-11-14 14:05:31 ----SHD---- D:\WINDOWS\Installer
2008-11-14 14:05:30 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-14 14:04:06 ----D---- D:\WINDOWS\Debug
2008-11-14 14:03:28 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-11-14 14:03:28 ----HD---- D:\WINDOWS\inf
2008-11-14 14:03:26 ----HD---- D:\WINDOWS\$hf_mig$
2008-11-14 14:03:09 ----D---- D:\WINDOWS\WinSxS
2008-11-14 13:59:07 ----D---- D:\Program Files\Fichiers communs
2008-11-13 22:42:47 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-11-13 22:33:20 ----D---- D:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-11-13 21:12:08 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-11-13 21:03:22 ----D---- D:\WINDOWS\Minidump
2008-11-13 20:18:44 ----A---- D:\WINDOWS\NeroDigital.ini
2008-11-08 21:11:10 ----A---- D:\WINDOWS\win.ini
2008-11-08 21:11:10 ----A---- D:\WINDOWS\system.ini
2008-11-08 21:11:00 ----D---- D:\WINDOWS\pss
2008-11-05 20:58:51 ----D---- D:\WINDOWS\system32\Logfiles
2008-11-04 21:50:15 ----D---- D:\WINDOWS\Help
2008-11-03 22:10:25 ----A---- D:\WINDOWS\system32\MRT.exe
2008-10-16 20:35:48 ----SD---- D:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- D:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- D:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- D:\WINDOWS\system32\wups.dll
2008-10-16 14:08:06 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:32 ----A---- D:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\mucltui.dll
2008-10-16 14:06:40 ----A---- D:\WINDOWS\system32\mucltui.dll.mui
2008-10-15 19:59:52 ----D---- D:\Program Files\Internet Explorer
2008-10-15 14:35:43 ----A---- D:\WINDOWS\system32\netapi32.dll
2008-10-13 19:29:01 ----D---- D:\Program Files\DAEMON Tools
2008-10-03 14:22:30 ----A---- D:\WINDOWS\system32\ieframe.dll
2008-10-03 12:11:55 ----HD---- D:\Program Files\InstallShield Installation Information
2008-10-02 22:02:53 ----RSD---- D:\WINDOWS\assembly
2008-09-30 12:30:39 ----D---- D:\Program Files\ATI Technologies
2008-09-30 12:28:03 ----D---- D:\WINDOWS\system32\ReinstallBackups
2008-09-28 21:55:53 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-13 75072]
R1 IKSysFlt;System Filter Driver; D:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; D:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 pctfw2;pctfw2; \??\D:\WINDOWS\system32\drivers\pctfw2.sys []
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]
R3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctac32k;Creative AC3 Software Decoder; D:\WINDOWS\system32\drivers\ctac32k.sys [2006-05-24 502272]
R3 ctaud2k;Creative Audio Driver (WDM); D:\WINDOWS\system32\drivers\ctaud2k.sys [2006-05-24 499584]
R3 ctprxy2k;Creative Proxy Driver; D:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-05-24 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-05-24 143872]
R3 emupia;E-mu Plug-in Architecture Driver; D:\WINDOWS\system32\drivers\emupia2k.sys [2006-05-24 78336]
R3 ha20x2k;Creative 20X HAL Driver; D:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 1110016]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 ossrv;Creative OS Services Driver; D:\WINDOWS\system32\drivers\ctoss2k.sys [2006-05-24 116224]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 apati2ww;apati2ww; D:\WINDOWS\system32\drivers\apati2ww.sys []
S3 ApfiltrService;Alps Pointing-device Filter Driver; D:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-06-01 101833]
S3 ctdvda2k;Creative DVD-Audio Device Driver; D:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EagleNT;EagleNT; \??\D:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\D:\WINDOWS\gdrv.sys []
S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-23 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-23 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Sr;Pilote de filtre de restauration système; D:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]
R2 IISADMIN;Administration IIS; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 PDAgent;PDAgent; D:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-05-24 415248]
R2 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 W3SVC;Publication World Wide Web; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 PDEngine;PDEngine; D:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-05-24 734736]
R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; D:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-15 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-15 68952]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
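An added example, not code from the thread or from RSIT, HijackThis or VundoFix: a small Python triage script that picks out of a HijackThis/RSIT log the kind of entries the helper means by "the Vundo trojan is still in the logs" (a BHO whose DLL is reported "(file missing)", an AppInit_DLLs entry, and an extra LSA authentication package), using lines copied from the log above as constructed sample input. The Finding type and the triage() function are this example's own names.

```python
"""Triage a HijackThis / RSIT log for Vundo-style persistence entries.

Added example: not code from the thread, nor from RSIT, HijackThis or
VundoFix.  The sample lines below are constructed by copying entries from
the RSIT log posted above; Finding and triage() are this example's names.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {3C0591A7-E7B4-4F55-B400-E2465FDC2F9E} - D:\WINDOWS\system32\hgGxUlKB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O20 - AppInit_DLLs: eavhjg.dll
O20 - Winlogon Notify: GbPluginBb - D:\Program Files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
D:\WINDOWS\system32\hgGxUlKB

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "bho", "appinit" or "lsa"
    value: str   # the DLL or package that was flagged
    reason: str  # why a reviewer should look at it


# HijackThis O2 line: name - {CLSID} - path, optionally marked "(file missing)".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# HijackThis O20 AppInit_DLLs line; the value may list several DLLs.
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
# RSIT registry-dump header for the LSA key; its body lists the
# authentication packages, one per line, the first one after the value name.
LSA_KEY = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"
AUTH_PKG_RE = re.compile(r'^"authentication packages"=(?P<pkg>.*)$', re.IGNORECASE)
# msv1_0 is the stock authentication package on a standalone XP machine.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def triage(log_text: str) -> List[Finding]:
    """Return the entries in a HijackThis/RSIT log that need a reviewer's eye."""
    findings: List[Finding] = []
    in_lsa = False
    for line in log_text.splitlines():
        line = line.rstrip()
        # Registry-dump section: a "[...]" header opens a key, a blank line closes it.
        if line.startswith("["):
            in_lsa = line == LSA_KEY
            continue
        if in_lsa:
            if not line:
                in_lsa = False
                continue
            m = AUTH_PKG_RE.match(line)
            pkg = m.group("pkg") if m else line  # continuation lines are bare values
            if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                findings.append(Finding(
                    "lsa", pkg,
                    "extra LSA authentication package; LSA loads it at startup"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(Finding(
                    "bho", m.group("path"),
                    "BHO registered for a DLL that no longer exists (orphaned CLSID)"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            for dll in re.split(r"[ ,]+", m.group("dlls")):
                if dll:
                    findings.append(Finding(
                        "appinit", dll,
                        "AppInit_DLLs is empty on a clean XP install; this DLL is "
                        "loaded into every process that loads user32.dll"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.value}: {f.reason}")
```

The script only reports; each flagged entry is something to verify against the full log before any removal tool is pointed at it.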
 
Scolari, can you run ComboFix there? As shown below, inside the spoiler.

- Download ComboFix and save it to your desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs its scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click on the ComboFix window and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your PC will restart. After the restart, the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
 
I don't understand what it says there, but several programs that didn't work before are working again.


ComboFix 08-11-16.02 - Gabriel 2008-11-16 22:04:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1558 [GMT -2:00]
Running from: D:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gabriel\Application Data\gadcom
c:\documents and settings\Gabriel\Application Data\gadcom\gadcom.exe
c:\documents and settings\Gabriel\Application Data\SpeedRunner
c:\documents and settings\Gabriel\Application Data\SpeedRunner\config.cfg
c:\documents and settings\Gabriel\Application Data\SpeedRunner\SRUninstall.exe
c:\documents and settings\Gabriel\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Gabriel\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Gabriel\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CSNETMANAGERXP
-------\Service_CSNetManagerXp


((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-16 20:50 . 2008-11-16 20:50 <DIR> d-------- c:\windows\Sun
2008-11-13 12:22 . 2008-11-13 12:22 <DIR> d--h----- c:\windows\PIF
2008-11-11 23:53 . 2008-11-11 23:53 <DIR> d-------- c:\documents and settings\Gabriel\Application Data\Twain
2008-11-11 23:48 . 2008-11-11 23:48 <DIR> d-------- c:\program files\Webtools
2008-11-11 18:17 . 2008-11-11 18:17 <DIR> d--hs---- c:\windows\ftpcache
2008-11-09 18:25 . 2008-11-09 18:25 <DIR> d-------- c:\windows\system32\Futuremark
2008-11-09 18:25 . 2008-11-09 18:25 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-11-09 18:25 . 2008-09-17 16:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2008-10-29 21:51 . 2008-10-29 22:02 <DIR> d-------- c:\program files\SopCast
2008-10-28 02:07 . 2008-10-28 02:07 <DIR> d-------- c:\documents and settings\Gabriel\Application Data\Disney Interactive Studios
2008-10-25 16:35 . 2008-10-25 16:35 <DIR> d-------- c:\documents and settings\Gabriel\Shaders
2008-10-24 11:11 . 2008-10-24 11:11 <DIR> d-------- c:\documents and settings\Gabriel\Application Data\2K Sports
2008-10-22 19:05 . 2008-10-22 19:05 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-10-22 19:05 . 2008-10-22 19:05 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-10-22 19:05 . 2008-10-22 19:05 22,328 --a------ c:\documents and settings\Gabriel\Application Data\PnkBstrK.sys
2008-10-22 19:04 . 2008-10-22 19:04 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-10-22 19:04 . 2008-10-22 19:04 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-10-17 13:37 . 2008-10-17 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 23:25 --------- d-----w c:\documents and settings\Gabriel\Application Data\uTorrent
2008-11-16 22:48 --------- d-----w c:\program files\uTorrent
2008-11-16 13:43 --------- d-----w c:\program files\Steam
2008-11-11 20:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 16:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-21 14:19 --------- d-----w c:\program files\Google
2008-10-17 15:13 --------- d-----w c:\program files\ATI Technologies
2008-10-01 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-30 17:17 --------- d-----w c:\program files\Microsoft Works
2008-09-30 17:16 --------- d-----w c:\program files\Microsoft.NET
2008-09-30 14:35 --------- d-----w c:\program files\BrOffice.org 2.4
2008-09-30 09:26 --------- d-----w c:\documents and settings\Gabriel\Application Data\BrOffice.org2
2008-09-28 15:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-27 13:49 --------- d-----w c:\program files\LimeWire
2008-09-27 13:48 --------- d-----w c:\documents and settings\Gabriel\Application Data\LimeWire
2008-09-27 13:45 --------- d-----w c:\program files\Java
2008-09-27 13:41 --------- d-----w c:\program files\Common Files\Java
2008-09-24 03:09 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-09-24 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ABIT uGuruIII"="c:\program files\ABIT\uGuru\uGuru.exe" [2006-10-24 417792]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5714944]
"Google Update"="c:\documents and settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"Octoshape Streaming Services"="c:\documents and settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 12:11 1410296 c:\program files\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-08-12 14592]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 93696]
S2 gupdate1c90ceee48dc1d8;Google Update Service (gupdate1c90ceee48dc1d8);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-09-02 133104]
S3 cpuz129;cpuz129;\??\c:\docume~1\Gabriel\LOCALS~1\Temp\cpuz_x32.sys []
S3 cpuz130;cpuz130;\??\c:\docume~1\Gabriel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ea417d-6cbd-11dd-acff-00508d9553cd}]
\Shell\AutoRun\command - E:\autorun.exe -auto
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 09:27]

2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 09:27]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\anxz6ca4.default\
FF -: plugin - c:\documents and settings\Gabriel\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\documents and settings\Gabriel\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\documents and settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0808270_SUA_900\npoctoshape.dll
FF -: plugin - c:\documents and settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 22:09:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\HTT8.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\ALCFDRTM.EXE
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-11-16 22:12:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 00:12:54

Pre-Run: 11.352.993.792 bytes free
Post-Run: 12,561,281,024 bytes free

161 --- E O F --- 2008-10-01 06:06:23
 
Dr. Strangelove

Delete the folder C:\Qoobox and the file C:\ComboFix.txt.

Select and copy the text below and paste it into Notepad. Save it to your desktop with the name CFScript.txt

Folder::
c:\documents and settings\Gabriel\Application Data\Twain

FileLook::
c:\documents and settings\Gabriel\Application Data\PnkBstrK.sys

SysRst::

Drag CFScript onto ComboFix as shown in the image below:

CFScript.gif


● If you are prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer will restart automatically;

In your next reply, paste ComboFix.txt and a new HijackThis log.

How is the machine?
 
ComboFix 08-11-16.04 - Gabriel 2008-11-16 23:03:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1368 [GMT -2:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\Gabriel\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-16 22:39 . 2008-11-16 22:39 <DIR> d-------- c:\windows\LastGood
2008-11-16 22:30 . 2008-11-16 22:30 <DIR> d-------- c:\program files\Avira
2008-11-16 22:30 . 2008-11-16 22:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-16 20:50 . 2008-11-16 20:50 <DIR> d-------- c:\windows\Sun
2008-11-13 12:22 . 2008-11-13 12:22 <DIR> d--h----- c:\windows\PIF
2008-11-11 23:53 . 2008-11-16 22:41 <DIR> d-------- c:\documents and settings\Gabriel\Application Data\Twain
2008-11-11 23:48 . 2008-11-11 23:48 <DIR> d-------- c:\program files\Webtools
2008-11-11 18:17 . 2008-11-11 18:17 <DIR> d--hs---- c:\windows\ftpcache
2008-11-09 18:25 . 2008-11-09 18:25 <DIR> d-------- c:\windows\system32\Futuremark
2008-11-09 18:25 . 2008-11-09 18:25 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-11-09 18:25 . 2008-09-17 16:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2008-10-29 21:51 . 2008-10-29 22:02 <DIR> d-------- c:\program files\SopCast
2008-10-28 02:07 . 2008-10-28 02:07 <DIR> d-------- c:\documents and settings\Gabriel\Application Data\Disney Interactive Studios
2008-10-25 16:35 . 2008-10-25 16:35 <DIR> d-------- c:\documents and settings\Gabriel\Shaders
2008-10-24 11:11 . 2008-10-24 11:11 <DIR> d-------- c:\documents and settings\Gabriel\Application Data\2K Sports
2008-10-22 19:05 . 2008-10-22 19:05 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-10-22 19:05 . 2008-10-22 19:05 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-10-22 19:05 . 2008-10-22 19:05 22,328 --a------ c:\documents and settings\Gabriel\Application Data\PnkBstrK.sys
2008-10-22 19:04 . 2008-10-22 19:04 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-10-22 19:04 . 2008-10-22 19:04 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-10-17 13:37 . 2008-10-17 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 23:25 --------- d-----w c:\documents and settings\Gabriel\Application Data\uTorrent
2008-11-16 22:48 --------- d-----w c:\program files\uTorrent
2008-11-16 13:43 --------- d-----w c:\program files\Steam
2008-11-11 20:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 16:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-28 15:49 3,638 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-10-21 14:19 --------- d-----w c:\program files\Google
2008-10-17 15:13 --------- d-----w c:\program files\ATI Technologies
2008-10-01 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-30 17:17 --------- d-----w c:\program files\Microsoft Works
2008-09-30 17:16 --------- d-----w c:\program files\Microsoft.NET
2008-09-30 14:35 --------- d-----w c:\program files\BrOffice.org 2.4
2008-09-30 09:26 --------- d-----w c:\documents and settings\Gabriel\Application Data\BrOffice.org2
2008-09-28 15:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-27 13:49 --------- d-----w c:\program files\LimeWire
2008-09-27 13:48 --------- d-----w c:\documents and settings\Gabriel\Application Data\LimeWire
2008-09-27 13:45 --------- d-----w c:\program files\Java
2008-09-27 13:41 --------- d-----w c:\program files\Common Files\Java
2008-09-24 03:09 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w c:\windows\system32\ati2cqag.dll
2008-09-24 00:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-15 01:40 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gabriel\Application Data\PnkBstrK.sys -- Unable to find Resource table header.
MD5: c3e33580a3a85be28612b83d0c321e20


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ABIT uGuruIII"="c:\program files\ABIT\uGuru\uGuru.exe" [2006-10-24 417792]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5714944]
"Google Update"="c:\documents and settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"Octoshape Streaming Services"="c:\documents and settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 12:11 1410296 c:\program files\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-08-12 14592]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 93696]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys []
S2 gupdate1c90ceee48dc1d8;Google Update Service (gupdate1c90ceee48dc1d8);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-09-02 133104]
S3 cpuz129;cpuz129;\??\c:\docume~1\Gabriel\LOCALS~1\Temp\cpuz_x32.sys []
S3 cpuz130;cpuz130;\??\c:\docume~1\Gabriel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ea417d-6cbd-11dd-acff-00508d9553cd}]
\Shell\AutoRun\command - E:\autorun.exe -auto

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 09:27]

2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 09:27]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 23:04:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-16 23:05:38
ComboFix-quarantined-files.txt 2008-11-17 01:05:34

Pre-Run: 12.486.455.296 bytes free
Post-Run: 12,465,664,000 bytes free

147 --- E O F --- 2008-10-01 06:06:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:31, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ABIT\uGuru\uGuru.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c90ceee48dc1d8) (gupdate1c90ceee48dc1d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6848 bytes

The PC seems to be much better now.
 
Dr. Strangelove

Please go to Start > Run, type: combofix /u and press Enter to remove ComboFix. Delete the folders C:\Qoobox and C:\ComboFix and the file C:\ComboFix.txt.

Your logs are clean. Does the antivirus still detect dundun or any other malware, Dr. Strangelove?
 
Has anyone ever caught the virus that every now and then plays an mp3 :x like "ela balança o ** na vara" ieuahuiehaiu and every now and then plays extravasa =\ hehe for about 3 seconds...
 
Here is mine, I have a problem here and I suspect a virus:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:06, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Arquivos de programas\Logitech\Gaming Software\LWEMon.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gabriel-PC\Meus documentos\Programas\Programas\Core Temp.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\BitTorrent\bittorrent.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gabriel-PC\Meus documentos\Programas\Programas\GPU-Z.0.2.8.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DD153FDB-E2FB-40D2-8E36-F21C36B51DAD} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Arquivos de programas\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Arquivos de programas\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Core Temp] C:\Documents and Settings\Gabriel-PC\Meus documentos\Programas\Programas\Core Temp.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O20 - Winlogon Notify: mlJCRLeC - mlJCRLeC.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--
End of file - 5506 bytes

Thanks!
 

Not so far, it seems to be fine; I removed NOD32 and installed Avira.

Wow, thanks a lot for the help; if it had been up to me alone I would have formatted and lost a lot of files. Thanks again :D
 
hotsauce2007, go to Start > Run, type: services.msc and press Enter. Check whether the list of Windows services contains the item Comodo Internet Security Helper Service, or another item that refers to Comodo. If so, double-click it and click the Stop button. Restart the PC and see whether the problem still occurs.





hey wolf...

it is already disabled...
and I can't change anything...
if I enable it...it can't find the path...
and if I disable it...it stays there...:fist:

screenshot below:

imagembr7.jpg
 
Here's mine, I've got a problem here and I suspect a virus:

[HijackThis log quoted from 4870's@over's post above]
Yes, my friend 4870's@over, your computer is infected, with Trojan Vundo and Trojan Agent. Follow the procedures below inside the spoiler, 4870's@over.

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● Halfway through the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Check the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, make sure all items are checked and click the Remove button;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
 
hotsauce2007, actually Comodo shouldn't even be present in the list of Windows services, since you uninstalled it and then we deleted the remaining files that time. Do the following, hotsauce2007.

Run HijackThis and click Open the Misc Tools Section. Click the Delete an NT Service button. In the box that opens, type: COMODO Firewall Pro Helper Service and click OK.

Restart your computer and check whether the problem still occurs, hotsauce2007.
 
Dear Mr. Wolf.. I thought I had solved my problem myself, but I hadn't.
The problem is that when shutting the machine down, it freezes showing only the wallpaper and the mouse pointer on the screen, though the mouse still moves.

Here's the BitDefender report:

[attachment: bitdefender.txt]
(quoting Mr. Wolf's instructions above)



hey wolf...


the damn thing won't go away... :confused:

here it is:

[screenshot: imagemid8.jpg]
 
S.O.S Backup

Folks, this isn't a virus, you can rest easy. What happens is that S.O.S Backup has its protection running and the antivirus can't identify the connection the program makes over the internet to validate the registration and allow its use.

If you have any questions you can reach me on MSN and I'll help, MSN: revendas@virtos.com.br


Hey healer, my friend. Since ADSTechnology isn't there, no worries, it was already removed with Malwarebytes then.

As for S.O.S Backup, I had you send it to VirusTotal because there's a worm that uses it to infect. But if you really know it and use it for your backups, it's fine, no need to use VirusTotal.

But do go ahead with the ComboFix procedure, because your system is infected even without the items mentioned above.

Cheers

:thumbs_up
 
(quoting Mr. Wolf's Malwarebytes instructions above)

I did that but it didn't fix it; however, I found a process that starts when the PC boots and then closes quickly:

 
Mr.Wolf,

after I ran the programs from the pendrive here, it created the autorun.inf folders as always, both on the pendrive and on the Windows partitions...

...but now I can't do anything on the pendrive (copy, format, delete), nor can I delete the autorun.inf folder from the HD partition.

in both cases it says I don't have permission. what can be done to fix this?


note that the autorun.inf folder on the HD is from before this Windows install; it's from a previous install where it was already impossible to delete it.
 
4870's@over, this process you highlighted is a legitimate Windows process.

Even so, please post the Malwarebytes log I asked you for here, 4870's@over.


________________________________________________________

Originally posted by JosMilanga
(quoted from the post above)
JosMilanga, that's strange!

The autorun.inf folder shouldn't have been created after running the tools. Let's remove this folder from your HD.

Which of the tools did you use, JosMilanga?
 
saporra, post a HijackThis log here, please.


____________________________________________________

hotsauce2007, did you click OK in that message and restart the machine?
 
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:23, on 17/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Arquivos de programas\Logitech\Gaming Software\LWEMon.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Gabriel-PC\Meus documentos\Programas\Programas\Core Temp.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SpywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Arquivos de programas\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Core Temp] C:\Documents and Settings\Gabriel-PC\Meus documentos\Programas\Programas\Core Temp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--
End of file - 3524 bytes

Malwarebytes log:
Malwarebytes' Anti-Malware 1.30
Versão do banco de dados: 1403
Windows 5.1.2600 Service Pack 3

17/11/2008 10:39:44
mbam-log-2008-11-17 (10-39-44).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 123593
Tempo decorrido: 24 minute(s), 42 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 6
Valores do Registro infectados: 1
Ítens do Registro infectados: 0
Pastas infectadas: 1
Arquivos infectados: 4

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1892f58-1116-4dec-92aa-577872ec3d3d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd153fdb-e2fb-40d2-8e36-f21c36b51dad} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd153fdb-e2fb-40d2-8e36-f21c36b51dad} (Trojan.Vundo) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
C:\Arquivos de programas\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\Arquivos de programas\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FBrowserAdvisor\inno.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A9EFDA6F-8AAD-4758-979F-0E645D8F78BF}\RP332\A0190229.exe (Adware.PlayMp3z) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A9EFDA6F-8AAD-4758-979F-0E645D8F78BF}\RP342\A0199333.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.


Edit: I'm installing Kaspersky now
 
4870's@over, follow the instructions below.

- Download ComboFix and save it to the desktop;

- Temporarily disable the antivirus;
- Close all open windows;
- Go to Start > Run, type "%userprofile%\desktop\combofix.exe" /killall and click OK as in the image:
[image: combofixejr8.gif]


- In the next window click Run and wait until the report is generated;
- ComboFix will restart your PC automatically to complete the removal process.
- When it finishes, a log will be generated at C:\ComboFix.txt.
- Don't click in the ComboFix window or use the keyboard;
- To stop or exit ComboFix, press "N".

Paste the ComboFix log in your next reply.
After all, what is the problem happening on the machine? Slowness? Because your infections are weak.
 
(quoting Mr. Wolf's ComboFix instructions above)

In the Performance tab of Task Manager, CPU usage doesn't drop below 30%, and in the Processes tab there's no process using more than 1%, right after Windows starts.
 
(quoting 4870's@over's reply above)
That's strange! Let's see how it looks after running ComboFix.

Malwarebytes removed most of the infection, so it shouldn't be like this anymore - if the viruses were the cause. So this problem shown in Task Manager may not be caused by them.
 
I had to format my PC because of a virus I caught since I had disabled the antivirus to install a program; now that I've formatted, explorer.exe closes by itself after Windows starts ...and opens again ...sometimes it doesn't even open anymore ....
I ran the ESET Smart Security scan and it found 8 viruses... but even so explorer.exe didn't stop closing by itself ...I'd like to know what this could be ...being

Here's the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:13, on 17/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\regx32.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Rafa\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rafa\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Rafa\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\pmnlifEU.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - Winlogon Notify: pmnlifEU - C:\WINDOWS\SYSTEM32\pmnlifEU.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4693 bytes
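The helpers in this thread read HijackThis logs by eye for the same few tells every time: O2 BHO entries with no name or no file, O4 autostarts pointing at an executable dropped straight into the Windows folder, and O20 Winlogon Notify DLLs that are not part of a stock Windows XP install (the Vundo-style eight-letter mixed-case names seen above are the classic case). The script below is an added example, not part of the thread and not HijackThis's own code: it applies those checks to a small constructed log in HijackThis v2.0.2 line format. The Winlogon Notify allowlist, the random-name pattern, the regexes and the sample lines (including the made-up file name qjrtkwXB.dll and placeholder GUIDs) are my assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    reason: str   # why the line was flagged
    line: str     # the original log line


# Winlogon Notify subkeys that ship with Windows XP (hand-compiled allowlist,
# an assumption of this example; HijackThis keeps its own ignore list).
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Vundo-style file names: exactly eight letters, mixed case, no digits.
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}$")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# First drive-letter path ending in .exe inside an O4 command line.
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)

# Constructed sample log (HijackThis v2.0.2 line format); GUIDs and the
# qjrtkwXB name are placeholders, not taken from any real machine.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {00000000-0000-0000-0000-000000000001} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000003} - C:\WINDOWS\system32\qjrtkwXB.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: qjrtkwXB - C:\WINDOWS\SYSTEM32\qjrtkwXB.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
"""


def looks_random(path: str) -> bool:
    """True when the file's stem matches the eight-letter mixed-case pattern."""
    stem, _ = ntpath.splitext(ntpath.basename(path))
    return bool(RANDOM_NAME.match(stem))


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            name, path = m["name"], m["path"]
            if name == "(no name)" and path == "(no file)":
                findings.append(Finding("O2", "orphaned BHO registration (no name, no file)", line))
            elif name == "(no name)" or looks_random(path):
                findings.append(Finding("O2", "unnamed or random-named BHO loaded from disk", line))
        elif m := O4_RE.match(line):
            exe = EXE_RE.search(m["cmd"])
            if exe:  # rundll32/nwiz-style lines without a drive path are skipped
                path = exe.group(0)
                if ntpath.dirname(path).lower() == r"c:\windows":
                    findings.append(Finding("O4", "autostart executable sitting directly in the Windows root", line))
                elif looks_random(path):
                    findings.append(Finding("O4", "autostart executable with random-looking name", line))
        elif m := O20_RE.match(line):
            if m["name"].lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding("O20", "non-default Winlogon Notify DLL (common Vundo persistence)", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("summary:", summarize(hits))
```

Run it against a real log by reading the file into `triage()`; every hit is a lead to verify by hand (file on disk, signer, VirusTotal), not a verdict, since a legitimate driver helper with an odd name will also trip the random-name check.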